Navigate

CCI-000567

CCI-000567 Definition

The organization disseminates security planning procedures to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD disseminates DoDI 8510.01 via the DoD Issuances website (http://www.dtic.mil/whs/directives/corres/dir.html) to organizational personnel with planning responsibilities or information security responsibilities.DoD Components are automatically compliant with this CCI because they are covered by DoD level policy, DoDI 8510.01.DoD has defined the roles as organizational personnel with planning responsibilities or information security responsibilities.

Validation Procedures

DoD Components are automatically compliant with this CCI because they are covered by DoD level policy, DoDI 8510.01.DoD has defined the roles as organizational personnel with planning responsibilities or information security responsibilities.

DISA Compelling Evidence

1. Documented Security Planning Procedure dissemination process/methodology exists. 2. A sampling of personnel and roles who should be receiving the security planning procedures shows that they have the latest version, know how it is disseminated, and can readily access the repository holding the latest version.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000567.

Control	Description
PL-1	The organization: PL-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: PL-1a.1.: A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and PL-1a.2.: Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and PL-1b.: Reviews and updates the current: PL-1b.1.: Security planning policy [Assignment: organization-defined frequency]; and PL-1b.2.: Security planning procedures [Assignment: organization-defined frequency].

Control

Description

PL-1

The organization:

PL-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- PL-1a.1.: A security planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- PL-1a.2.: Procedures to facilitate the implementation of the security planning policy and associated security planning controls; and

PL-1b.: Reviews and updates the current:
- PL-1b.1.: Security planning policy [Assignment: organization-defined frequency]; and
- PL-1b.2.: Security planning procedures [Assignment: organization-defined frequency].