CCI-002859

Defines the alternative or supplemental security mechanisms that will be employed for satisfying organization-defined security functions when the primary means of implementing the security function is unavailable or compromised.

Implementation Guidance

The organization being inspected/assessed defines and documents the alternative or supplemental security mechanisms that will be employed for satisfying organization-defined security functions when the primary means of implementing the security function is unavailable or compromised. DoD has determined the alternative or supplemental security mechanisms are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented alternative or supplemental security mechanisms to ensure the organization being inspected/assessed defines the alternative or supplemental security mechanisms that will be employed for satisfying organization-defined security functions when the primary means of implementing the security function is unavailable or compromised. DoD has determined the alternative or supplemental security mechanisms are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Documentation that defines alternative security mechanisms that will be employed when the primary means of implementing the security function is unavailable or compromised.

The controls below (if any) were marked by NIST as being related to CCI-002859.