CCI-002523

The organization defines the individuals or information systems authorized to be recipients of organization-defined information, information system components, or devices to be delivered by employing organization-defined out-of-band channels for electronic transmission or physical delivery.

Implementation Guidance

The organization being inspected/assessed defines and documents the individuals or information systems authorized to be recipients of organization-defined information, information system components, or devices to be delivered by employing organization-defined out-of-band channels for electronic transmission or physical delivery. DoD has determined the individuals or information systems are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information, information system components, or devices to ensure the organization being inspected/assessed defines the individuals or information systems authorized to be recipients of organization-defined information, information system components, or devices to be delivered by employing organization-defined out-of-band channels for electronic transmission or physical delivery. DoD has determined the individuals or information systems are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) Installation guide (reference "electronic transmission or physical delivery" section).

The controls below (if any) were marked by NIST as being related to CCI-002523.