CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-000171
Allow organization-defined personnel or roles to select the event types that are to be logged by specific components of the system. -
CCI-000172
Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3. -
CCI-000173
Defines the level of tolerance for relationship between time stamps of individual records in the audit trail that will be used for correlation. -
CCI-000174
Compile audit records from organization-defined information system components into a system-wide (logical or physical) audit trail that is time-cor... -
CCI-000175
The organization manages information system authenticators for users and devices by verifying, as part of the initial authenticator distribution, t... -
CCI-000176
Manage system authenticators by establishing initial authenticator content for authenticators issued by the organization. -
CCI-000177
The organization manages information system authenticators for users and devices by establishing and implementing administrative procedures for ini... -
CCI-000178
The organization manages information system authenticators for users and devices by changing default content of authenticators upon information sys... -
CCI-000179
The organization manages information system authenticators by establishing minimum lifetime restrictions for authenticators. -
CCI-000180
The organization manages information system authenticators by establishing maximum lifetime restrictions for authenticators.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.