Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-005050

    Based on organization-defined circumstances, fragment the following information.
    Show

  • CCI-005051

    Defines the information for fragmentation.
    Show

  • CCI-005052

    Defines the circumstances for fragmenting organization-defined information.
    Show

  • CCI-005053

    Based on organization-defined circumstances, distribute the fragmented information across the following systems or system components.
    Show

  • CCI-005054

    Defines the systems or system components used to distribute fragmented information.
    Show

  • CCI-005055

    Defines the circumstances for distributing fragmented information across organization-defined systems or system components.
    Show

  • CCI-005056

    Disseminate an organization-level, mission/business process-level, and/or system-level supply chain risk management policy to organization-defined ...
    Show

  • CCI-005057

    Develop and document an organization-level, mission/business process-level, and/or system-level supply chain risk management policy that addresses ...
    Show

  • CCI-005058

    Develop and document organization-level, mission/business process-level, and/or system-level supply chain risk management policy that is consistent...
    Show

  • CCI-005059

    Develop and document procedures to facilitate the implementation of the supply chain risk management policy and the associated supply chain risk ma...
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules