Navigate

CCI-002563

CCI-002563 Definition

The organization controls the use of organization-defined information system components which have the potential to cause damage to the information system if used maliciously.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to control the use of all information system components (through the use of an acceptable use agreement) which have the potential to cause damage to the information system if used maliciously. DoD has defined the information system components as all information system components (through the use of an acceptable use agreement).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed controls the use of all information system components (through the use of an acceptable use agreement). DoD has defined the information system components as all information system components (through the use of an acceptable use agreement).

Compelling Evidence

1.) Signed and dated user agreement. 2.) System security plan (SSP) (reference "usage" section).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002563.

Control	Description
SC-43	The organization: SC-43a.: Establishes usage restrictions and implementation guidance for [Assignment: organization-defined information system components] based on the potential to cause damage to the information system if used maliciously; and SC-43b.: Authorizes, monitors, and controls the use of such components within the information system.