Navigate

CCI-000236

CCI-000236 Definition

The organization determines information protection needs arising from the defined mission/business processes and revises the processes as necessary, until an achievable set of protection needs are obtained.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed determines information protection needs IAW CNSSI 1253 and as identified in RA-2.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security plan to ensure the security categorization has been documented IAW CNSSI 1253.

Compelling Evidence

1.) Signed and dated security plan that includes information protection needs derived from mission/businesses processes.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000236.

Control	Description
PM-11	The organization: PM-11a.: Defines mission/business processes with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation; and PM-11b.: Determines information protection needs arising from the defined mission/business processes and revises the processes as necessary, until achievable protection needs are obtained.

Control

Description

PM-11

The organization:

PM-11a.: Defines mission/business processes with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation; and

PM-11b.: Determines information protection needs arising from the defined mission/business processes and revises the processes as necessary, until achievable protection needs are obtained.