CCI-002552

The organization ensures that the information system is configured so that data or information collected by the organization-defined sensors is only reported to authorized individuals or roles.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to ensure that the information system is configured so that data or information collected by the sensors defined in SC-42 (1), CCI 2551 is only reported to authorized individuals or roles.

Validation Procedures

The organization conducting the inspection/assessed obtains and examines the documented process as well as a sampling of devices to ensure the organization being inspected/assessed configures the information system so that data or information collected by the sensors defined in SC-42 (1), CCI 2551 is only reported to authorized individuals or roles.

Compelling Evidence

1.) Process documentation on how the site configures the information system so that data or information collected by the sensors defined in SC-42 (1), CCI 2551 is only reported to authorized individuals or roles..

The controls below (if any) were marked by NIST as being related to CCI-002552.