CCI-002553

The organization defines the measures to be employed to ensure data or information collected by organization-defined sensors is used only for authorized purposes.

Implementation Guidance

The organization being inspected/assessed defines and documents the measures to be employed to ensure data or information collected by sensors defined in SC-42 (2), CCI 2554 is used only for authorized purposes. DoD has determined the measures are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented measures to ensure the organization being inspected/assessed defines the measures to be employed to ensure data or information collected by sensors defined in SC-42 (2), CCI 2554 is used only for authorized purposes. DoD has determined the measures are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) Configuration Management policy (reference "sensor settings" section).

The controls below (if any) were marked by NIST as being related to CCI-002553.