Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-000131

    Ensure that audit records containing information that establishes when the event occurred.
    Show

  • CCI-000132

    Ensure that audit records containing information that establishes where the event occurred.
    Show

  • CCI-000133

    Ensure that audit records containing information that establishes the source of the event.
    Show

  • CCI-000134

    Ensure that audit records containing information that establishes the outcome of the event.
    Show

  • CCI-000135

    Generate audit records containing the organization-defined additional information that is to be included in the audit records.
    Show

  • CCI-000136

    The organization centrally manages the content of audit records generated by organization-defined information system components.
    Show

  • CCI-000137

    The organization allocates audit record storage capacity.
    Show

  • CCI-000138

    The organization configures auditing to reduce the likelihood of storage capacity being exceeded.
    Show

  • CCI-000139

    Alert organization-defined personnel or roles within an organization-defined time period in the event of an audit logging process failure.
    Show

  • CCI-000140

    Take organization-defined actions upon audit failure include, shutting down the system, overwriting oldest audit records, and stopping the generati...
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules