CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-000181
The organization manages information system authenticators by establishing reuse conditions for authenticators. -
CCI-000182
Manage system authenticators by changing or refreshing authenticators in accordance with the organization-defined time period by authenticator type... -
CCI-000183
Manage system authenticators by protecting authenticator content from unauthorized disclosure. -
CCI-000184
Manages system authenticators by requiring individuals to take, and having devices implement, specific security controls to protect authenticators. -
CCI-000185
For public key-based authentication, validate certificates by constructing and verifying a certification path to an accepted trust anchor including... -
CCI-000186
For public key-based authentication, enforce authorized access to the corresponding private key. -
CCI-000187
For public key-based authentication, map the authenticated identity to the account of the individual or group. -
CCI-000188
The organization requires that the registration process to receive an organizational-defined type of authenticator be carried out in person before ... -
CCI-000189
The organization employs automated tools to determine if authenticators are sufficiently strong to resist attacks intended to discover or otherwise... -
CCI-000190
The organization requires vendors/manufacturers of information system components to provide unique authenticators or change default authenticators ...
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.