CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-000211
Report on the results of information security measures of performance. -
CCI-000212
Develop an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational ... -
CCI-000213
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. -
CCI-000214
The organization establishes a Discretionary Access Control (DAC) policy that limits propagation of access rights. -
CCI-000215
The organization establishes a Discretionary Access Control (DAC) policy that includes or excludes access to the granularity of a single user. -
CCI-000216
Address information security issues in the development and documentation of a critical infrastructure and key resources protection plan. -
CCI-000217
Defines a time period after which inactive accounts are automatically disabled. -
CCI-000218
The information system, when transferring information between different security domains, identifies information flows by data type specification a... -
CCI-000219
When transferring information between different security domains, decompose information into organization-defined policy-relevant subcomponents for... -
CCI-000221
The information system enforces security policies regarding information on interconnected systems.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.