CCI-002523
CCI-002523 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if [SC-37_ODP[01]; out-of-band channels to be employed for the physical delivery or electronic transmission of information, system components, or devices to individuals or the system are defined] are employed for the physical delivery or electronic transmission of [SC-37_ODP[02]; information, system components, or devices to employ out-of-band-channels for physical delivery or electronic transmission are defined] to [SC-37_ODP[03]; individuals or systems to which physical delivery or electronic transmission of information, system components, or devices is to be achieved via the employment of out-of-band channels are defined].
Validation Procedures
Examine: [SELECT FROM: System and communications protection policy; procedures addressing the use of out-of-band channels; access control policy and procedures; identification and authentication policy and procedures; system design documentation; system architecture; system configuration settings and associated documentation; list of out-of-band channels; types of information, system components, or devices requiring the use of out-of-band channels for physical delivery or electronic transmission to authorized individuals or systems; physical delivery records; electronic transmission records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel authorizing, installing, configuring, operating, and/or using out-of-band channels; system developers/integrators]. Test: [SELECT FROM: Organizational processes for the use of out-of-band channels; mechanisms supporting and/or implementing the use of out-of-band channels].