CCI-000633

Ensure that government off-the-shelf or commercial-off-the-shelf information assurance and information assurance-enabled information technology products have been evaluated and/or validated by NSA or in accordance with NSA-approved procedures.

Implementation Guidance

The organization being inspected/assessed must identify and use NSA-approved encryption technologies to protect classified information when the networks or transmission medium used to transmit the information are at a lower classification level than the information being transmitted.

Validation Procedures

The organization conducting the inspection/assessment examines and verifies identified encryption technologies in use by the organization being inspected/assessed are NSA-approved.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation includes information as it relates to GOTS or COTS.

The controls below (if any) were marked by NIST as being related to CCI-000633.