Navigate

CCI-002975

CCI-002975 Definition

The organization defines security controls to employ at alternate work sites.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents security controls to employ at alternate work sites, which must include all applicable building and safety codes for the information system's environment DoD has determined the security controls are not appropriate to define at the Enterprise level, but must include all applicable building and safety codes for the information system's environment.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security controls to ensure the organization being inspected/assessed defines security controls to employ at alternate work sites, which must include all applicable building and safety codes for the information system's environment. DoD has determined the security controls are not appropriate to define at the Enterprise level, but must include all applicable building and safety codes for the information system's environment.

Compelling Evidence

1.) Telework policy, Telework Agreement, or other similar documentation containing organizationally-defined security controls

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002975.

Control	Description
PE-17	The organization: PE-17a.: Employs [Assignment: organization-defined security controls] at alternate work sites; PE-17b.: Assesses as feasible, the effectiveness of security controls at alternate work sites; and PE-17c.: Provides a means for employees to communicate with information security personnel in case of security incidents or problems.