CCI-002454

The organization defines the security attributes the information system is to associate with the information being exchanged between information systems and between information system components.

Implementation Guidance

The organization being inspected/assessed defines and documents the security attributes the information system is to associate with the information being exchanged between information systems and between information system components. DoD has determined the security attributes are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security attributes to ensure the organization being inspected/assessed defines the security attributes the information system is to associate with the information being exchanged between information systems and between information system components. DoD has determined the security attributes are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System Security Plan (SSP) that defines security attributes the information system is to associate with the information being exchanged between information systems and between information system components.

The controls below (if any) were marked by NIST as being related to CCI-002454.