Navigate

CCI-003989

CCI-003989 Definition

Defines the information by information type for identifying automated tools.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if automated tools are used to identify [CM-12(01)_ODP[01]; information to be protected is defined by information type] on [CM-12(01)_ODP[02]; system components where the information is located are defined] to ensure that controls are in place to protect Organizational information and individual privacy.

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing identification and documentation of information location; configuration management plan; system design documentation; PII inventory documentation; data mapping documentation; change control records; system component inventory; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for managing information location; organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Organizational processes governing information location; automated mechanisms enforcing policies and methods for governing information location; automated tools used to identify information on system components].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003989.

Control	Description
CM-12(1)	Use automated tools to identify [information to be protected is defined by information type;] on [system components where the information is located are defined;] to ensure controls are in place to protect organizational information and individual privacy.