CCI-002770

The organization defines the software programs and/or applications from which the information system is to validate the information output to ensure the information is consistent with expected content.

Implementation Guidance

The organization being inspected/assessed defines and documents the software programs and/or applications from which the information system is to validate the information output to ensure the information is consistent with expected content. DoD has determined the software programs and/or applications are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented software programs and/or applications to ensure the organization being inspected/assessed defines the software programs and/or applications from which the information system is to validate the information output to ensure the information is consistent with expected content. DoD has determined the software programs and/or applications are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System security plan defines the software programs and/or applications from which the information system is to validate the information output to ensure the information is consistent with expected content.

The controls below (if any) were marked by NIST as being related to CCI-002770.