CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
CCI-000001
The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination amon...
CCI-000002
Disseminate the organization-level; mission/business process-level; and/or system-level access control policy that addresses purpose, scope, roles,...
CCI-000003
Review and update the current access control policy for organization-defined frequency.
CCI-000004
The organization develops procedures to facilitate the implementation of the access control policy and associated access controls.
CCI-000005
Disseminate procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level access contr...
CCI-000006
Review and update the current access control procedures for organization-defined frequency.
CCI-000007
The organization manages information system accounts by identifying account types (i.e., individual, group, system, application, guest/anonymous, a...
CCI-000008
The organization establishes conditions for group membership.
CCI-000009
The organization manages information system accounts by identifying authorized users of the information system and specifying access privileges.
CCI-000010
Require approvals by organization-defined personnel or roles for requests to create accounts.