CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
- CCI-000021: Enforce dual authorization for organization-defined privileged commands and/or other organization-defined actions.
- CCI-000022: The information system enforces one or more organization-defined nondiscretionary access control policies over an organization-defined set of users...
- CCI-000023: The organization develops an organization-wide information security program plan that provides sufficient information about the program management ...
- CCI-000024: Prevent access to organization-defined security-relevant information except during secure, non-operable system states.
- CCI-000025: The information system enforces information flow control using explicit security attributes on information, source, and destination objects as a ba...
- CCI-000026: Use protected processing domains to enforce organization-defined information flow control policies as a basis for flow control decisions.
- CCI-000027: Enforce organization-defined information flow control policies.
- CCI-000028: Prevent encrypted information from bypassing organization-defined flow control mechanisms by employing organization-defined procedures or methods.
- CCI-000029: Enforce organization-defined limitations on embedding data types within other data types.
- CCI-000030: Enforce information flow control based on organization-defined metadata.