CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-000111
The organization defines a frequency for providing refresher role-based security training. -
CCI-000112
Provide basic security awareness training to system users (including managers, senior executives, and contractors) when required by system changes ... -
CCI-000113
Document individual security training activities, including security awareness training and specific system security training. -
CCI-000114
Monitor individual information security training activities, including security awareness training and specific security training. -
CCI-000115
The organization establishes contact with selected groups and associations within the security community to facilitate ongoing security education a... -
CCI-000116
The organization institutionalizes contact with selected groups and associations within the security community to facilitate ongoing security educa... -
CCI-000117
Develop and document an organization-level; mission/business process-level; and/or system-level audit and accountability policy that addresses purp... -
CCI-000118
The organization disseminates a formal, documented, audit and accountability policy to elements within the organization having associated audit and... -
CCI-000119
Review and update the current audit and accountability policy on an organization-defined frequency. -
CCI-000120
Develop and document procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability con...
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.