
CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-000011

    Create, enable, modify, disable, and remove system accounts in accordance with organization-defined procedures.
  • CCI-000012

    Review accounts for compliance with account management requirements per organization-defined frequency.
  • CCI-000013

    The organization manages information system accounts by notifying account managers when temporary accounts are no longer required and when informat...
  • CCI-000014

    The organization manages information system accounts by granting access to the system based on a valid access authorization; intended system usage;...
  • CCI-000015

    Support the management of system accounts using (organization-defined automated mechanisms).
  • CCI-000016

    Automatically remove or disable temporary and emergency accounts after an organization-defined time-period for each type of account.
  • CCI-000017

    Disable accounts when the accounts have been inactive for the organization-defined time-period.
  • CCI-000018

    Automatically audit account creation actions.
  • CCI-000019

    Require that users log out in accordance with the organization-defined time-period of expected inactivity or description of when to log out.
  • CCI-000020

    The information system dynamically manages user privileges and associated access authorizations.
