Navigate

CCI-002526

CCI-002526 Definition

The organization defines the information, information system components, or devices which are to be received only by organization-defined individuals or information systems.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the information, information system components or devices which are to be received only by organization-defined individuals or information systems. DoD has determined the information, information system components or devices are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information, information system components or devices to ensure the organization being inspected/assessed defines the information, information system components or devices which are to be received only by organization-defined individuals or information systems. DoD has determined the information, information system components or devices are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) System security plan (SSP) (reference "security" section).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002526.

Control	Description
SC-37 (1)	The organization employs [Assignment: organization-defined security safeguards] to ensure that only [Assignment: organization-defined individuals or information systems] receive the [Assignment: organization-defined information, information system components, or devices].