
CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-000101

    Disseminate an organization level, mission/business process-level, or system-level awareness and training policy to organization-defined personnel ...
  • CCI-000102

    Review and update the current security awareness and training policy in accordance with organization-defined frequency.
  • CCI-000103

    Develop and document procedures to facilitate the implementation of the awareness and training policy and associated awareness and training controls.
  • CCI-000104

    Disseminate organization-level; mission/business process-level; or system-level awareness and training procedures to organization-defined personnel...
  • CCI-000105

    Review and update the current security awareness and training procedures in accordance with an organization-defined frequency.
  • CCI-000106

    Provide basic security literacy training to system users (including managers, senior executives, and contractors) as part of initial training for n...
  • CCI-000107

    Provide practical exercises in literacy training that simulate events and incidents.
  • CCI-000108

    Provide role-based security training to personnel with organization-defined roles and responsibilities before authorizing access to the system, inf...
  • CCI-000109

    Provide role-based security training to personnel with organization-defined roles and responsibilities when required by system changes.
  • CCI-000110

    The organization provides refresher role-based security training to personnel with assigned security roles and responsibilities in accordance with ...
