Navigate

CCI-002374

CCI-002374 Definition

The organization defines the corrective actions when information about the information system is discoverable by adversaries.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the corrective actions when information about the information system is discoverable by adversaries. DoD has determined the corrective actions are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented corrective actions to ensure the organization being inspected/assessed defines the corrective actions when information about the information system is discoverable by adversaries. DoD has determined the corrective actions are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP) 2.) Reference to system security plan (SSP) section pertaining to corrective action procedure if the information system is compromised.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002374.

Control	Description
RA-5 (4)	The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions].