CCI-002693

Defines the elements within the organization to whom the organization will disseminate security alerts, advisories, and directives.

Implementation Guidance

Determine if security alerts, advisories, and directives are disseminated to [SI-05_ODP[02]; one or more of the following PARAMETER VALUES is/are selected: {[SI-05_ODP[03]; personnel or roles to whom security alerts, advisories, and directives are to be disseminated is/are defined (if selected)]; [SI-05_ODP[04]; elements within the organization to whom security alerts, advisories, and directives are to be disseminated are defined (if selected)]; [SI-05_ODP[05]; external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if selected)]}].

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing security alerts, advisories, and directives; records of security alerts and advisories; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security alert and advisory responsibilities; organizational personnel implementing, operating, maintaining, and using the system; organizational personnel, organizational elements, and/or external organizations to whom alerts, advisories, and directives are to be disseminated; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for defining, receiving, generating, disseminating, and complying with security alerts, advisories, and directives; mechanisms supporting and/or implementing the definition, receipt, generation, and dissemination of security alerts, advisories, and directives; mechanisms supporting and/or implementing security directives].

The controls below (if any) were marked by NIST as being related to CCI-002693.