Navigate

CCI-002356

CCI-002356 Definition

Defines the access control policies to be implemented by the reference monitor.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the access control policies to be implemented by the information system's reference monitor. DoD has determined the access control policies are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented access control policies to ensure the organization being inspected/assessed defines the access control policies to be implemented by the information system's reference monitor. DoD has determined the access control policies are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated access control policy that defines the access control policies to be implemented by the information system's reference monitor.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002356.

Control	Description
AC-25	The information system implements a reference monitor for [organization-defined access control policies] that is tamperproof, always invoked, and small enough to be subject to analysis and testing, the completeness of which can be assured.