
CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil/stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)
  • CCI-005000

    Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy.
  • CCI-005001

    Update spam protection mechanisms when new releases are available in accordance with organizational configuration management procedures.
  • CCI-005002

    Defines the frequency for updating spam protection mechanisms.
  • CCI-005003

    Prevent untrusted data injections.
  • CCI-005004

    Limit personally identifiable information being processed in the information life cycle to the organization-defined elements of personally identifi...
  • CCI-005005

    Defines the elements of personally identifiable information being processed in the information life cycle.
  • CCI-005006

    Use organization-defined techniques to minimize the use of personally identifiable information for research, testing, or training, in accordance wi...
  • CCI-005007

    Defines the techniques for minimizing the use of personally identifiable information for research, testing, or training.
  • CCI-005008

    Use organization-defined techniques to dispose of, destroy, or erase information following the retention period.
  • CCI-005009

    Defines the percentage of the mean time to failure used to manually initiate transfer between active and standby system components.
