CCI-000061

The organization identifies and defines organization-defined user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions.

Implementation Guidance

The organization being inspected/assessed identifies, defines, and documents user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions. DoD has determined the user actions are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented user actions to ensure the organization being inspected/assessed identifies and defines the user actions that can be performed on the information system without identification and authentication. DoD has determined the user actions are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions. 2.) Applicable STIG/SRG checks

The controls below (if any) were marked by NIST as being related to CCI-000061.