Navigate

CCI-003110

CCI-003110 Definition

The organization defines the security configurations required to be implemented when the developer delivers the information system, system component, or information system service.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the security configurations as security configurations identified by the applicable requirements from DoDI 8510.01 and STIGs/SRGs.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the security configurations as security configurations identified by the applicable requirements from DoDI 8510.01 and STIGs/SRGs.

Compelling Evidence

Automatically compliant per DoDI 8510.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003110.

Control	Description
SA-4 (5)	The organization requires the developer of the information system, system component, or information system service to: SA-4 (5)(a): Deliver the system, component, or service with [Assignment: organization-defined security configurations] implemented; and SA-4 (5)(b): Use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.