Navigate

CCI-000061

CCI-000061 Definition

Identify organization-defined user actions that can be performed on the system without identification or authentication consistent with organizational missions/business functions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed identifies, defines, and documents user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions. DoD has determined the user actions are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented user actions to ensure the organization being inspected/assessed identifies and defines the user actions that can be performed on the information system without identification and authentication. DoD has determined the user actions are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated documentation that defines the user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions. 2.) Applicable STIG/SRG checks

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000061.

Control	Description
AC-14	The organization: a: Identifies [one of ] that can be performed on the information system without identification or authentication consistent with organizational missions/business functions; and b: Documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification or authentication.