CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-005040
Perform a motivated intruder test on the de-identified dataset to determine if the identified data remains or if the de-identified data can be re-i... -
CCI-005041
Embed data or capabilities in the following systems or system components to determine if organizational data has been exfiltrated or improperly rem... -
CCI-005042
Defines the systems or system components used to determine if organizational data has been exfiltrated or improperly removed from the organization. -
CCI-005043
Refresh organization-defined information on an organization-defined frequency, or generate organization-defined information on demand. -
CCI-005044
Defines the information to be refreshed on an organization-defined frequency. -
CCI-005045
Defines the frequencies for refreshing organization-defined information. -
CCI-005046
Identify the following alternate sources of information for organization-defined essential functions and services. -
CCI-005047
Defines the alternative information sources for identifying organization-defined essential functions and services. -
CCI-005048
Use an alternate information source for the execution of essential functions or services on organization-defined systems or system components when ... -
CCI-005049
Defines the systems or system components used as an alternate information source for the execution of essential functions or services when the prim...
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.