CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-005030
Defines the elements of personally identifiable information to be removed from datasets. -
CCI-005031
Evaluate organization-defined frequency for effectiveness of de-identification. -
CCI-005032
Defines the frequency for evaluating for effectiveness of de-identification. -
CCI-005033
De-identify the dataset upon collection by not collecting personally identifiable information. -
CCI-005034
Prohibit archiving personally identifiable information elements if those elements in a dataset will not be needed after the dataset is archived. -
CCI-005035
Remove personally identifiable information elements from a dataset prior to its release if those elements in the dataset do not need to be part of ... -
CCI-005036
Remove, mask, encrypt, hash, or replace direct identifiers in a dataset. -
CCI-005037
Manipulate numerical data, contingency tables, and statistical findings so that no individual or organization is identifiable in the results of the... -
CCI-005038
Prevent disclosure of personally identifiable information by adding non-deterministic noise to the results of mathematical operations before the re... -
CCI-005039
Perform de-identification using validated algorithms and software that is validated to implement the algorithms.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.