CCI-002807

Defines the personnel or roles to be alerted of information spills using a method of communication not associated with the spill.

Implementation Guidance

DoD has defined the personnel or roles as at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the personnel or roles as at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center.

Compelling Evidence

Automatically compliant

The controls below (if any) were marked by NIST as being related to CCI-002807.