CCI-004752
CCI-004752 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if [SA-08(19)_ODP; systems or system components that implement the security design principle of continuous protection are defined] implement the security design principle of continuous protection.
Validation Procedures
Examine: [SELECT FROM: System and services acquisition policy; access control policy; system and communications protection policy; procedures addressing boundary protection; procedures addressing the security design principle of continuous protection used in the specification, design, development, implementation, and modification of the system; system configuration settings and associated documentation; system design documentation; security and privacy requirements and specifications for the system; system security and privacy architecture; system security plan; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with the responsibility for determining system security and privacy requirements; organizational personnel with system specification, design, development, implementation, and modification responsibilities; organizational personnel with access enforcement responsibilities; system/network administrators; system developers; organizational personnel with information security responsibilities; organizational personnel with boundary protection responsibilities].
Test: [SELECT FROM: Organizational processes for applying the security design principle of continuous protection in system specification, design, development, implementation, and modification; mechanisms implementing access enforcement functions; mechanisms supporting the application of the security design principle of continuous protection in system specification, design, development, implementation, and modification; mechanisms supporting and/or implementing secure failure].