Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-004950

    Defines the official designated for managing the development, documentation, and dissemination of the system and information integrity procedures.
    Show

  • CCI-004951

    Review and update the current system and information integrity policy following organization-defined events.
    Show

  • CCI-004952

    Defines the events following reviewing and updating the current system and information integrity policy.
    Show

  • CCI-004953

    Review and update the current system and information integrity procedures following organization-defined events.
    Show

  • CCI-004954

    Defines the events following reviewing and updating the current system and information integrity procedures.
    Show

  • CCI-004955

    Determine if system components have applicable security-related software updates installed using organization-defined mechanisms on an organization...
    Show

  • CCI-004956

    Determine if system components have applicable security-related firmware updates installed using organization-defined mechanisms on an organization...
    Show

  • CCI-004957

    Defines a frequency for installing security-relevant software updates using organization-defined automated mechanisms.
    Show

  • CCI-004958

    Defines a frequency for installing security-relevant firmware updates using organization-defined automated mechanisms.
    Show

  • CCI-004959

    Defines the automated mechanisms for determining if system components have applicable security-related software updates installed.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules