Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-004980

    Defines the personnel or roles to receive alerts when indications of inappropriate or unusual activities with security or privacy occur.
    Show

  • CCI-004981

    Correlate information from monitoring mechanisms employed throughout the system.
    Show

  • CCI-004982

    Provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.
    Show

  • CCI-004983

    Defines the automated mechanisms for broadcasting security alert and advisory information.
    Show

  • CCI-004984

    Defines the privacy functions that require verification of correct operation.
    Show

  • CCI-004985

    Verify correct operation of organization-defined privacy functions.
    Show

  • CCI-004986

    Defines the frequency at which it will verify correct operation of organization-defined privacy functions.
    Show

  • CCI-004987

    Defines the system transitional states when the system will verify correct operation of organization-defined privacy functions.
    Show

  • CCI-004988

    Perform verification of the correct operation of organization-defined privacy functions: when the system is in an organization-defined transitional...
    Show

  • CCI-004989

    Alert organization-defined personnel or roles of failed privacy verification tests.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules