Navigate

CCI-002681

CCI-002681 Definition

The organization defines the authorization or approval process for network services.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the personnel or roles as at a minimum, the ISSO and ISSM.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the personnel or roles as at a minimum, the ISSO and ISSM.

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002681.

Control	Description
SI-4 (22)	The information system detects network services that have not been authorized or approved by [Assignment: organization-defined authorization or approval processes] and [Selection (one or more): audits; alerts [Assignment: organization-defined personnel or roles]].