CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.
- CCI-000041: Authorize network access to organization-defined privileged commands only for organization-defined compelling operational needs.
- CCI-000042: Document the rationale for authorized network access to organization-defined privileged commands in the security plan for the system.
- CCI-000043: Defines the maximum number of consecutive invalid logon attempts to the information system by a user during an organization-defined time period.
- CCI-000044: Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.
- CCI-000045: The organization defines in the security plan, explicitly or by reference, the time period for lock out mode or delay period.
- CCI-000046: The organization selects either a lock out mode for the organization-defined time period or delays the next login prompt for the organization-defin...
- CCI-000047: The information system delays next login prompt according to the organization-defined delay algorithm, when the maximum number of unsuccessful atte...
- CCI-000048: Display an organization-defined system use notification message or banner to users before granting access to the system that provides privacy and s...
- CCI-000049: The organization defines a system use notification message or banner displayed before granting access to the system that provides privacy and secur...
- CCI-000050: Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or furt...