CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
- CCI-000031: Enforce one-way information flows using hardware-based flow control mechanisms.
- CCI-000032: Enforce information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined ...
- CCI-000033: The information system enforces the use of human review for organization-defined security policy filters when the system is not capable of making a...
- CCI-000034: Provide the capability for privileged administrators to enable and disable organization-defined security or privacy filters under organization-defi...
- CCI-000035: Provide the capability for privileged administrators to configure the organization-defined security or privacy policy filters to support different ...
- CCI-000036: The organization separates organization-defined duties of individuals.
- CCI-000037: The organization implements separation of duties through assigned information system access authorizations.
- CCI-000038: The organization explicitly authorizes access to organization-defined security functions and security-relevant information.
- CCI-000039: Require that users of system accounts, or roles, with access to organization-defined security functions or security-relevant information, use non-p...
- CCI-000040: The organization audits any use of privileged accounts, or roles, with access to organization-defined security functions or security-relevant infor...