Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-004900

    Determine the organization-defined cryptographic uses.
    Show

  • CCI-004901

    Associate organization-defined privacy attributes with information exchanged between systems.
    Show

  • CCI-004902

    Associate organization-defined privacy attributes with information exchanged between system components.
    Show

  • CCI-004903

    Defines the privacy attributes to associate with the information being exchanged between systems and between system components.
    Show

  • CCI-004904

    Verify the integrity of transmitted privacy attributes.
    Show

  • CCI-004905

    Implement anti-spoofing mechanisms to prevent adversaries from falsifying the security attributes indicating the successful application of the secu...
    Show

  • CCI-004906

    Implement organization-defined mechanisms or techniques to bind security attributes to transmitted information.
    Show

  • CCI-004907

    Implement organization-defined mechanisms or techniques to bind privacy attributes to transmitted information.
    Show

  • CCI-004908

    Defines the mechanisms or techniques for binding security and privacy attributes to transmitted information.
    Show

  • CCI-004909

    Include only approved trust anchors in trust stores or certificate stores managed by the organization.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules