CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
CCI-000141
Make available for expenditure, the planned information security resources.
CCI-000142
Implement a process to ensure that plans of action and milestones for the information security program and the associated organizational systems ar...
CCI-000143
The information system provides a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit re...
CCI-000144
The information system provides a real-time alert when organization-defined audit failure events occur.
CCI-000145
Enforce configurable network communications traffic volume thresholds reflecting limits on audit log storage capacity by delaying or rejecting netw...
CCI-000146
The organization defines the percentage of maximum audit record storage capacity that when exceeded, a warning is provided.
CCI-000147
Defines the audit logging failure events requiring real-time alerts.
CCI-000148
Review and analyze system audit records on an organization-defined frequency for indications of organization-defined inappropriate or unusual activ...
CCI-000149
Report any findings to organization-defined personnel or roles for indications of organization-defined inappropriate or unusual activity.
CCI-000150
The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk to organiz...