Navigate

CCI-002378

CCI-002378 Definition

The organization defines the personnel or roles to be recipients of the system and communications protection policy.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents personnel or roles to be recipients of the system and communications protection policy. The personnel or roles must include at a minimum, the ISSM/ISSO. DoD has defined the personnel or roles as at a minimum, the ISSO/ISSM.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented personnel or roles to ensure the organization being inspected/assessed defines the personnel or roles to be recipients of the system and communications protection policy. The personnel or roles must include at a minimum, the ISSM/ISSO. DoD has defined the personnel or roles as at a minimum, the ISSO/ISSM.

Compelling Evidence

1.) Signed and dated documentation that lists all the roles and personnel who must be a recipients of the system and communication protection policy.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002378.

Control	Description
SC-1	The organization: SC-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: SC-1a.1.: A system and communications protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and SC-1a.2.: Procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls; and SC-1b.: Reviews and updates the current: SC-1b.1.: System and communications protection policy [Assignment: organization-defined frequency]; and SC-1b.2.: System and communications protection procedures [Assignment: organization-defined frequency].

Control

Description

SC-1

The organization:

SC-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- SC-1a.1.: A system and communications protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- SC-1a.2.: Procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls; and

SC-1b.: Reviews and updates the current:
- SC-1b.1.: System and communications protection policy [Assignment: organization-defined frequency]; and
- SC-1b.2.: System and communications protection procedures [Assignment: organization-defined frequency].