Navigate

CCI-000099

CCI-000099 Definition

Employ organization-defined automated mechanisms to enforce information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if [AC-21(01)_ODP; automated mechanisms employed to enforce information-sharing decisions by authorized users are defined] are employed to enforce information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared.

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing user-based collaboration and information sharing (including restrictions); system design documentation; system configuration settings and associated documentation; system-generated list of users authorized to make information-sharing/collaboration decisions; system-generated list of sharing partners and access authorizations; system-generated list of access restrictions regarding information to be shared; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Automated mechanisms implementing access authorizations supporting information-sharing/user collaboration decisions].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000099.

Control	Description
AC-21(1)	Employ [automated mechanisms employed to enforce information-sharing decisions by authorized users are defined;] to enforce information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared.