
CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-000243

    Disseminate to organization-defined personnel or roles procedures to facilitate the implementation of the assessment, authorization, and monitoring...
  • CCI-000244

    Review and update the current assessment, authorization, and monitoring procedures on an organization-defined frequency.
  • CCI-000245

    The organization develops a security assessment plan for the information system and its environment of operation.
  • CCI-000246

    Develop a control assessment plan that describes the scope of the assessment including controls and control enhancements under assessment.
  • CCI-000247

    Develop a control assessment plan that describes the scope of the assessment including assessment procedures to be used to determine control effect...
  • CCI-000248

    Develop a control assessment plan that describes the scope of the assessment including assessment environment.
  • CCI-000249

    The organization's security assessment plan describes the assessment team.
  • CCI-000250

    The organization's security assessment plan describes assessment roles and responsibilities.
  • CCI-000251

    Assess the controls in the system and its environment of operation on an organization-defined frequency, to determine the extent to which the cont...
  • CCI-000252

    Defines the frequency on which the security controls in the system and its environment of operation are assessed.
