CCI-002728

The organization defines the devices on which organization-defined security safeguards will be implemented to protect the integrity of the boot firmware.

Implementation Guidance

The organization being inspected/assessed defines and documents the devices on which organization-defined security safeguards will be implemented to protect the integrity of the boot firmware. DoD has determined the devices are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented devices to ensure the organization being inspected/assessed defines the devices on which organization-defined security safeguards will be implemented to protect the integrity of the boot firmware. DoD has determined the devices are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System security plan with reference to section that defines the devices on which organization-defined security safeguards will be implemented to protect the integrity of the boot firmware.

The controls below (if any) were marked by NIST as being related to CCI-002728.