Navigate

CCI-002525

CCI-002525 Definition

Defines the controls to be employed to ensure only organization-defined individuals or systems receive organization-defined information, system components, or devices.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [SC-37(01)_ODP[01]; controls to be employed to ensure that only designated individuals or systems receive specific information, system components, or devices are defined] are employed to ensure that only [SC-37(01)_ODP[02]; individuals or systems designated to receive specific information, system components, or devices are defined] receive [SC-37(01)_ODP[03]; information, system components, or devices that only individuals or systems are designated to receive are defined].

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing the use of out-of-band channels; access control policy and procedures; identification and authentication policy and procedures; system design documentation; system architecture; system configuration settings and associated documentation; list of security safeguards to be employed to ensure that designated individuals or systems receive organization-defined information, system components, or devices; list of security safeguards for delivering designated information, system components, or devices to designated individuals or systems; list of information, system components, or devices to be delivered to designated individuals or systems; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel authorizing, installing, configuring, operating, and/or using out-of-band channels; system developers/integrators]. Test: [SELECT FROM: Organizational processes for the use of out-of-band channels; mechanisms supporting and/or implementing the use of out-of-band channels; mechanisms supporting/implementing safeguards to ensure the delivery of designated information, system components, or devices].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002525.

Control	Description
SC-37(1)	Employ [controls to be employed to ensure that only designated individuals or systems receive specific information, system components, or devices are defined;] to ensure that only [individuals or systems designated to receive specific information, system components, or devices are defined;] receive the following information, system components, or devices: [information, system components, or devices that only individuals or systems are designated to receive are defined;].

Control

Description

SC-37(1)

Employ [controls to be employed to ensure that only designated individuals or systems receive specific information, system components, or devices are defined;] to ensure that only [individuals or systems designated to receive specific information, system components, or devices are defined;] receive the following information, system components, or devices: [information, system components, or devices that only individuals or systems are designated to receive are defined;].