CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-004960
Defines the automated mechanisms for determining if system components have applicable security-related firmware updates installed. -
CCI-004961
Employ automated patch management tools to facilitate flaw remediation to the organization-defined system components. -
CCI-004962
Defines the system components on which patch management tools to facilitate flaw remediation are employed. -
CCI-004963
Implement signature based and/or non-signature based malicious code protection mechanisms at system entry and exit points to detect and eradicate m... -
CCI-004964
Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management ... -
CCI-004965
Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management ... -
CCI-004966
Configure malicious code protection mechanisms to send alerts to organization-defined personnel in response to malicious code detection. -
CCI-004967
Analyze detected events and anomalies. -
CCI-004968
Employ automated mechanisms to support near real-time analysis of events. -
CCI-004969
Employ automated mechanisms to integrate intrusion detection mechanisms into access control mechanisms.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.