Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-004970

    Employ automated mechanisms to integrate intrusion detection mechanisms into flow control mechanisms.
    Show

  • CCI-004971

    Determine criteria for unusual or unauthorized activities or conditions for inbound communications traffic.
    Show

  • CCI-004972

    Determine criteria for unusual or unauthorized activities or conditions for outbound communications traffic.
    Show

  • CCI-004973

    Defines the unusual or unauthorized activities or conditions that will be monitored for inbound communications traffic.
    Show

  • CCI-004974

    Defines the unusual or unauthorized activities or conditions that will be monitored for outbound communications traffic.
    Show

  • CCI-004975

    Test intrusion monitoring mechanisms at an organization-defined frequency.
    Show

  • CCI-004976

    Defines the frequency for testing intrusion monitoring mechanisms.
    Show

  • CCI-004977

    Defines the encrypted communications traffic that is to be visible to organization-defined system monitoring mechanisms.
    Show

  • CCI-004978

    Defines the system monitoring mechanisms that will have visibility into organization-defined encrypted communications traffic.
    Show

  • CCI-004979

    Make provisions so that organization-defined encrypted communications traffic is visible to organization-defined system monitoring mechanisms.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules