General Policy Statements

Identifier: Accountability
Descriptive Name: Individual accountability
Description: Individuals shall be held accountable for their actions.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Audit_Gen_User - Individual accountability
Audit_Generation - Audit data generation with identity
Audit_Protect - Protected audit data storage
I&A_User - User identification and authentication
User_Defined_AC - Discretionary access control

Identifier: Authorities
Descriptive Name: Notification of threats and vulnerabilities
Description: Appropriate authorities shall be immediately notified of any threats or vulnerabilities impacting systems that process their data.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Authority_Notify - Notification of threats and vulnerabilities

Identifier: Authorized_Use
Descriptive Name: Authorized use of information
Description: Information shall be used only for its authorized purpose(s).
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Sys_Access_Banners - System access banners

Identifier: Availability
Descriptive Name: Information availability
Description: Information shall be available to satisfy mission requirements.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Config_Mgt_Plan - Implement operational configuration management
Documented_Recovery - Documented recovery
Maintenance_Prvnt - Preventive maintenance
Malicious_Code - Malicious code prevention
Sys_Assur_HW/SW/FW - Validation of security function integrity
Sys_Backup_Procs - System backup procedures
Sys_Backup_Restore - Restoration with minimal loss
Sys_Backup_Storage - Effective backup restoration
Sys_Backup_Verify - Backup protection and restoration
System_Recovery - Trusted system recovery
User_Data_Dial-in - Encryption of transmitted user data
User_Data_Storage - Protection of stored user data
User_Data_Transfer - Protection of transmitted user data

Identifier: Guidance
Descriptive Name: Installation and usage guidance
Description: Guidance shall be provided for the secure installation and use of the system.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Privileged_Doc - Privileged user documentation
User_Documentation - General user documentation

Identifier: Information_AC
Descriptive Name: Information access control
Description: Information shall be accessed only by authorized individuals and processes.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Admin_Security_Data - Changes to security data by authorized personnel
Need_To_Know - Privileged user access
Screen_Lock - User screen locking
User_Auth_Enhanced - Enhanced user identification and authentication
User_Defined_AC - Discretionary access control

Identifier: Integrity
Descriptive Name: Information content integrity
Description: Information shall retain its content integrity.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Admin_Security_Data - Changes to security data by authorized personnel
Change_Control_Users - Notification of data content changes
Config_Mgt_Plan - Implement operational configuration management
Documented_Recovery - Documented recovery
Integrity_Data/SW - Strong integrity mechanisms
Integrity_Practice - Operational integrity system function testing
Malicious_Code - Malicious code prevention
Non-Repudiation - Non-repudiation capabilities
Storage_Integrity - Assurance of effective storage integrity
Sys_Assur_HW/SW/FW - Validation of security function integrity
System_Protection - Protection from security function modification
System_Recovery - Trusted system recovery
User_Data_Dial-in - Encryption of transmitted user data
User_Data_Storage - Protection of stored user data
User_Data_Transfer - Protection of transmitted user data

Identifier: Lifecycle
Descriptive Name: System lifecycle phases integrate security
Description: Information systems security shall be an integral part of all system lifecycle phases.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Lifecycle_Security - Security throughout lifecycle

Identifier: Marking
Descriptive Name: Information marking
Description: Information shall be appropriately marked and labeled.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Config_Mgt_Plan - Implement operational configuration management
External_Labels - Labeling data

Identifier: Physical_Control
Descriptive Name: Physical protection
Description: Information shall be physically protected to prevent unauthorized disclosure, destruction, or modification.
Selection Guidance
Coverage Rationale
Editorial

Implementing Detailed Policy Statements
Tamper_ID - Physical tampering detection and notification