Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-000201

    Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access.
    Show

  • CCI-000202

    The organization ensures unencrypted static authenticators are not embedded in access scripts.
    Show

  • CCI-000203

    The organization ensures unencrypted static authenticators are not stored on function keys.
    Show

  • CCI-000204

    Defines the security controls required to manage the risk of compromise due to individuals having accounts on multiple information systems.
    Show

  • CCI-000205

    The information system enforces minimum password length.
    Show

  • CCI-000206

    Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by u...
    Show

  • CCI-000207

    The organization develops and maintains an inventory of its information systems.
    Show

  • CCI-000208

    The organization determines normal time-of-day and duration usage for information system accounts.
    Show

  • CCI-000209

    Develop the results of information security measures of performance.
    Show

  • CCI-000210

    Monitor the results of information security measures of performance.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules