CCI-002552

Verify that the system is configured so that data or information collected by the organization-defined sensors is only reported to authorized individuals or roles.

Implementation Guidance

Determine if the system is configured so that data or information collected by the [SC-42(01)_ODP; sensors to be used to collect data or information are defined] is only reported to authorized individuals or roles.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; access control policy and procedures; procedures addressing sensor capability and data collection; personally identifiable information processing policy; system design documentation; system configuration settings and associated documentation; system architecture; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; system developer; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel responsible for the sensor capabilities]. Test: [SELECT FROM: Mechanisms restricting the reporting of sensor information to those authorized; sensor data collection and reporting capabilities for the system].

The controls below (if any) were marked by NIST as being related to CCI-002552.