
CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-000233

    Designate individuals to fulfill specific roles and responsibilities within the organizational risk management process.
  • CCI-000234

    Integrate the authorization processes into an organization-wide risk management program.
  • CCI-000235

    Define organizational mission and business processes with consideration for information security and the resulting risk to organizational operation...
  • CCI-000236

    Determine information protection needs arising from the defined mission and business processes.
  • CCI-000237

    The organization manages information system accounts by specifically authorizing and monitoring the use of guest/anonymous accounts and temporary a...
  • CCI-000238

    Defines the frequency to review and update the current assessment, authorization, and monitoring policy.
  • CCI-000239

    Develop and document an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that addresses ...
  • CCI-000240

    Disseminates to organization-defined personnel or roles an organization-level; mission/business process; system-level assessment, authorization, an...
  • CCI-000241

    Review and update the current assessment, authorization, and monitoring policy on an organization-defined frequency.
  • CCI-000242

    Develop and document procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment,...
