CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-000161

    The organization defines the frequency for the synchronization of internal information system clocks.
  • CCI-000162

    Protect audit information from unauthorized access.
  • CCI-000163

    Protect audit information from unauthorized modification.
  • CCI-000164

    Protect audit information from unauthorized deletion.
  • CCI-000165

    Write audit records to hardware-enforced, write-once media.
  • CCI-000166

    Provide irrefutable evidence that an individual (or process acting on behalf of an individual) falsely denying having performed organization-define...
  • CCI-000167

    Retain audit records for an organization-defined time period to provide support for after-the-fact investigations of incidents and to meet regulato...
  • CCI-000168

    Defines the time period for retention of audit records, which is consistent with its records retention policy, to provide support for after-the-fac...
  • CCI-000169

    Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a. on organization-defined info...
  • CCI-000170

    Implement a process to ensure that plans of action and milestones for the security program and associated organizational systems document the remed...