CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
- CCI-000091: The organization prohibits the use of personally-owned, removable media in organizational information systems.
- CCI-000092: The organization prohibits the use of removable media in organizational information systems when the media has no identifiable owner.
- CCI-000093: Establish organization-defined terms and conditions, and/or identify organization-defined controls asserted to be implemented on external systems, ...
- CCI-000094: The organization establishes terms and conditions, consistent with any trust relationships established with other organizations owning, operating, ...
- CCI-000095: The organization prohibits authorized individuals from using an external information system to access the information system except in situations w...
- CCI-000096: The organization prohibits authorized individuals from using an external information system to access the information system or to process, store, ...
- CCI-000097: Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using organization-defined restr...
- CCI-000098: Enable authorized users to determine whether access authorizations assigned to the sharing partner match the information's access and use restricti...
- CCI-000099: Employ organization-defined automated mechanisms to enforce information-sharing decisions by authorized users based on access authorizations of sha...
- CCI-000100: Develop and document an organization level, mission/business process-level, or system-level awareness and training policy that addresses purpose, s...