CCI-000098

The organization facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for organization-defined information circumstances where user discretion is required.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for information circumstances defined in AC-21, CCI 1470 where user discretion is required.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed determines whether access authorizations assigned to the sharing partner match the access restrictions on the information for information circumstances defined in AC-21, CCI 1470 where user discretion is required.

Compelling Evidence

1.) Signed and dated documentation that describes a process that determines whether access authorizations assigned to the sharing partner match the access restrictions on the information for information circumstances defined in AC-21, CCI 1470 where user discretion is required.

The controls below (if any) were marked by NIST as being related to CCI-000098.