Navigate

CCI-000758

CCI-000758 Definition

The organization reviews and updates identification and authentication policy in accordance with the organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD reviews and updates identification and authentication policy (DoDI 8520.02 and DoDI 8520.03) annually.DoD Components are automatically compliant with this CCI because they are covered at the DoD level policies, DoDI 8520.02 and DoDI 8520.03.DoD has defined the frequency as reviewed annually - updated as appropriate but at least within 10 years of date of issuance.

Validation Procedures

DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDI 8520.02 and DoDI 8520.03.DoD has defined the frequency as reviewed annually - updated as appropriate but at least within 10 years of date of issuance.

Compelling Evidence

Automatically compliant per DoDI 8520.02 and DoDI 8520.03

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000758.

Control	Description
IA-1	The organization: IA-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: IA-1a.1.: An identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and IA-1a.2.: Procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls; and IA-1b.: Reviews and updates the current: IA-1b.1.: Identification and authentication policy [Assignment: organization-defined frequency]; and IA-1b.2.: Identification and authentication procedures [Assignment: organization-defined frequency].

Control

Description

IA-1

The organization:

IA-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- IA-1a.1.: An identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- IA-1a.2.: Procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls; and

IA-1b.: Reviews and updates the current:
- IA-1b.1.: Identification and authentication policy [Assignment: organization-defined frequency]; and
- IA-1b.2.: Identification and authentication procedures [Assignment: organization-defined frequency].