CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-000151
Defines the frequency for the review and analysis of system audit records for organization-defined inappropriate or unusual activity. -
CCI-000152
The information system integrates audit review, analysis, and reporting processes to support organizational processes for investigation and respons... -
CCI-000153
Analyze and correlate audit records across different repositories to gain organization-wide situational awareness. -
CCI-000154
Provide the capability to centrally review and analyze audit records from multiple components within the system. -
CCI-000155
The organization integrates analysis of audit records with analysis of vulnerability scanning information, performance data, and network monitoring... -
CCI-000156
The information system provides an audit reduction capability. -
CCI-000157
The information system provides a report generation capability. -
CCI-000158
Provide the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit re... -
CCI-000159
Use internal system clocks to generate time stamps for audit records. -
CCI-000160
The information system synchronizes internal information system clocks on an organization-defined frequency with an organization-defined authoritat...
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.