CCI-003091
CCI-003091 Definition
The organization determines information security requirements for the information system or information system service in mission/business process planning.
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed determines and documents information security requirements for the information system or information system service in mission/business process planning.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented information security requirements to ensure the organization being inspected/assessed determines information security requirements for the information system or information system service in mission/business process planning.
Compelling Evidence
1.) Mission/Business planning documentation defines information security requirements for information systems or services.