CCI-000633
CCI-000633 Definition
Ensure that government off-the-shelf or commercial-off-the-shelf information assurance and information assurance-enabled information technology products have been evaluated and/or validated by NSA or in accordance with NSA-approved procedures.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed must identify and use NSA-approved encryption technologies to protect classified information when the networks or transmission medium used to transmit the information are at a lower classification level than the information being transmitted.
Validation Procedures
The organization conducting the inspection/assessment examines and verifies identified encryption technologies in use by the organization being inspected/assessed are NSA-approved.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation includes information as it relates to GOTS or COTS.