CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
- CCI-000223
  The information system binds security attributes to information to facilitate information flow policy enforcement.
- CCI-000224
  The information system tracks problems associated with the security attribute binding.
- CCI-000225
  Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary t...
- CCI-000226
  The information system provides the capability for a privileged administrator to configure organization-defined security policy filters to support ...
- CCI-000227
  Develop a comprehensive strategy to manage security risk to organizational operations and assets, individuals, other organizations, and the Nation ...
- CCI-000228
  Implement the risk management strategy consistently across the organization.
- CCI-000229
  The organization documents the security state of organizational information systems and the environments in which those systems operate through sec...
- CCI-000230
  The organization tracks the security state of organizational information systems and the environments in which those systems operate through securi...
- CCI-000231
  The organization reports the security state of organizational information systems and the environments in which those systems operate through secur...
- CCI-000232
  Document and provide supporting rationale in the security plan for the system, user actions not requiring identification and authentication.