CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-004990

    Defines the personnel or roles to be notified when privacy verification tests fail.
  • CCI-004991

    Defines alternative action(s) to be taken when anomalies in the operation of organization-defined privacy functions are discovered.
  • CCI-004992

    Shut the system down, restart the system, and/or initiate organization-defined alternative action(s) when anomalies in the operation of the organiz...
  • CCI-004993

    Implement automated mechanisms to support the management of distributed privacy function testing.
  • CCI-004994

    Report the results of privacy function verification to organization-defined personnel or roles.
  • CCI-004995

    Defines the personnel or roles that are to receive reports on the results of privacy function verification.
  • CCI-004996

    Take organization-defined actions when unauthorized changes to the software, firmware, and information are detected.
  • CCI-004997

    Defines the actions to be taken when unauthorized changes to the software, firmware, and information are detected.
  • CCI-004998

    Implement organization-defined controls for application self-protection at runtime.
  • CCI-004999

    Defines the controls to be implemented for runtime application self-protection.
