Navigate

CCI-002562

CCI-002562 Definition

The organization monitors the use of organization-defined information system components which have the potential to cause damage to the information system if used maliciously.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to monitor the use of all information system components (through the use of an acceptable use agreement) which have the potential to cause damage to the information system if used maliciously. The organization must maintain an audit trail of monitoring. DoD has defined the information system components as all information system components (through the use of an acceptable use agreement).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of monitoring to ensure the organization being inspected/assessed monitors the use of all information system components (through the use of an acceptable use agreement). DoD has defined the information system components as all information system components (through the use of an acceptable use agreement).

Compelling Evidence

1.) Signed and dated user agreement. 2.) System security plan (SSP) (reference "usage" section).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002562.

Control	Description
SC-43	The organization: SC-43a.: Establishes usage restrictions and implementation guidance for [Assignment: organization-defined information system components] based on the potential to cause damage to the information system if used maliciously; and SC-43b.: Authorizes, monitors, and controls the use of such components within the information system.