Navigate

CCI-002693

CCI-002693 Definition

The organization defines the elements within the organization to whom the organization will disseminate security alerts, advisories, and directives.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has determined the elements are not applicable as elements are not selected as recipients of security alerts, advisories and directives.

Validation Procedures

DoD has determined the elements are not applicable as elements are not selected as recipients of security alerts, advisories and directives.

Compelling Evidence

1.) Signed and dated System security plan documents which organization defined elements are authorized to receive security notifications.. 2.) List of personnel with access to communication logs.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002693.

Control	Description
SI-5	The organization: SI-5a.: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; SI-5b.: Generates internal security alerts, advisories, and directives as deemed necessary; SI-5c.: Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and SI-5d.: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Control

Description

SI-5

The organization:

SI-5a.: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;

SI-5b.: Generates internal security alerts, advisories, and directives as deemed necessary;

SI-5c.: Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and

SI-5d.: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.