CCI-002553

Defines the measures to be employed to ensure data or information collected by organization-defined sensors is used only for authorized purposes.

Implementation Guidance

Determine if [SC-42(02)_ODP; measures to be employed so that data or information collected by sensors is only used for authorized purposes are defined] are employed so that data or information collected by [SC-42(01)_ODP; sensors to be used to collect data or information are defined] is only used for authorized purposes.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; access control policy and procedures; personally identifiable information processing policy; sensor capability and data collection; system design documentation; system configuration settings and associated documentation; system architecture; list of measures to be employed to that the ensure data or information collected by sensors is only used for authorized purposes; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel responsible for sensor capabilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing measures to ensure that sensor information is only used for authorized purposes; sensor information collection capability for the system].

The controls below (if any) were marked by NIST as being related to CCI-002553.