Navigate

CCI-003152

CCI-003152 Definition

The organization restricts the location of information processing, information/data, and/or information system services to organization-defined locations based on organization-defined requirements or conditions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed restricts the location of information processing, information/data, and/or information system services to locations defined in SA-9 (5), CCI 3153 based on requirements or conditions defined in SA-9 (5), CCI 3154.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines a list of locations of information processing, information/data, and/or information system services to ensure the organization being inspected/assessed restricts the location of information processing, information/data, and/or information system services to locations defined in SA-9 (5), CCI 3153 based on requirements or conditions defined in SA-9 (5), CCI 3154.

Compelling Evidence

1.) System security plan (SSP) will define the locations of information processing, information/data, and/or information system services to organization-defined locations based on organization-defined requirements or conditions.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003152.

Control	Description
SA-9 (5)	The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions].