Navigate

CCI-002375

CCI-002375 Definition

The organization takes organization-defined corrective actions when information about the information system is discoverable by adversaries.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to take the corrective actions defined in RA-5 (4), CCI 2374 when information about the information system is discoverable by adversaries. The organization must maintain a record of actions taken.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the record of actions taken to ensure the organization being inspected/assessed takes the corrective actions defined in RA-5 (4), CCI 2374 when information about the information system is discoverable by adversaries.

Compelling Evidence

1.) System security plan (SSP). 2.) Reference to system security plan (SSP) section pertaining to corrective action procedure if the information system is compromised.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002375.

Control	Description
RA-5 (4)	The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions].