CCI-000618

Implementation Guidance

The organization being inspected/assessed identifies and documents individuals having information system security roles and responsibilities.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented individuals having information system security roles and responsibilities to ensure the organization being inspected/assessed identifies individuals having information system security roles and responsibilities.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation defines security roles and responsibilities.