Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-000191

    The organization enforces password complexity by the number of special characters used.
    Show

  • CCI-000192

    The information system enforces password complexity by the minimum number of upper case characters used.
    Show

  • CCI-000193

    The information system enforces password complexity by the minimum number of lower case characters used.
    Show

  • CCI-000194

    The information system enforces password complexity by the minimum number of numeric characters used.
    Show

  • CCI-000195

    The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of...
    Show

  • CCI-000196

    The information system, for password-based authentication, stores only cryptographically-protected passwords.
    Show

  • CCI-000197

    For password-based authentication, transmit passwords only cryptographically-protected channels.
    Show

  • CCI-000198

    The information system enforces minimum password lifetime restrictions.
    Show

  • CCI-000199

    The information system enforces maximum password lifetime restrictions.
    Show

  • CCI-000200

    The information system prohibits password reuse for the organization-defined number of generations.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules