CCI-002990
CCI-002990 Definition
Protect the information security program plan from unauthorized modification.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
DoD documents and implements methods to protect the information security program plan from unauthorized disclosure by marking, labeling, and handling to prevent unauthorized modification. DoD ensures that all changes to the information security program plan are approved.
Validation Procedures
DoD components are automatically compliant with this CCI as they are covered at the DoD level by DoDI 8500.01 and the Knowledge Service. If the organization or system owner is utilizing common controls they must be documented in their Security Plan.
Compelling Evidence
Automatically compliant per DoDI 8500.01.