Navigate

CCI-002756

CCI-002756 Definition

Defines the trusted sources to which the usage of information inputs will be restricted (e.g., whitelisting).

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the trusted sources to which the usage of information inputs will be restricted (e.g., whitelisting). DoD has determined the trusted sources are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented trusted sources to ensure the organization being inspected/assessed defines the trusted sources to which the usage of information inputs will be restricted (e.g., whitelisting). DoD has determined the trusted sources are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System security plan defines the trusted sources to which the usage of information inputs will be restricted (e.g., whitelisting).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002756.

Control	Description
SI-10(5)	The organization restricts the use of information inputs to [organization-defined trusted sources] and/or [organization-defined formats].