CCI-003599

The organization defines the individuals or information systems to be the only recipients of organization-defined information, information system components, or devices, by employing organization-defined security safeguards.

Implementation Guidance

The organization being inspected/assessed defines and documents the individuals or information systems that are the only recipients of organization-defined information, information system components, or devices, and employed organization-defined security safeguards. DoD has determined the individuals or information systems are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information, information system components, or devices to ensure the organization being inspected/assessed defines the individuals or information systems authorized to be recipients of organization-defined information, information system components, or devices, and has employed organization-defined security safeguards. DoD has determined the individuals or information systems are not appropriate to define at the Enterprise level.

Compelling Evidence

The organization being inspected/assessed defines and documents the individuals or information systems that are the only recipients of organization-defined information, information system components, or devices, and employed organization-defined security safeguards. DoD has determined the individuals or information systems are not appropriate to define at the Enterprise level.

The controls below (if any) were marked by NIST as being related to CCI-003599.