Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-004940

    Implement hardware-enforced separation and policy enforcement mechanisms between organization-defined security domains.
    Show

  • CCI-004941

    Defines the security domains for implementing hardware-enforced separation and policy enforcement mechanisms.
    Show

  • CCI-004942

    Implement software-enforced separation and policy enforcement mechanisms between organization-defined security domains.
    Show

  • CCI-004943

    Defines the security domains for implementing software-enforced separation and policy enforcement mechanisms.
    Show

  • CCI-004944

    Develop and document an organization-level; mission/business process-level; and/or system level system and information integrity policy that is con...
    Show

  • CCI-004945

    Designate an organization-defined official to manage the development and documentation of the system and information integrity policy.
    Show

  • CCI-004946

    Designate an organization-defined official to manage the dissemination of the system and information integrity policy.
    Show

  • CCI-004947

    Designate an organization-defined official to manage the development and documentation of the system and information integrity procedures.
    Show

  • CCI-004948

    Designate an organization-defined official to manage the dissemination of the system and information integrity procedures.
    Show

  • CCI-004949

    Defines the official designated for managing the development, documentation, and dissemination of the system and information integrity policy.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules