Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-005060

    Designate an organization-defined official to manage the development and documentation of the supply chain risk management policy.
    Show

  • CCI-005061

    Designate an organization-defined official to manage the development and documentation of the supply chain risk management procedures.
    Show

  • CCI-005062

    Designate an organization-defined official to manage the dissemination of the supply chain risk management policy.
    Show

  • CCI-005063

    Designate an organization-defined official to manage the dissemination of the supply chain risk management procedures.
    Show

  • CCI-005064

    Review and update the current supply chain risk management policy on an organization-defined frequency.
    Show

  • CCI-005065

    Defines the frequency for reviewing and updating the current supply chain risk management policy.
    Show

  • CCI-005066

    Review and update the current supply chain risk management policy following organization-defined events.
    Show

  • CCI-005067

    Defines the events following reviewing and updating the current supply chain risk management policy.
    Show

  • CCI-005068

    Review and update the current supply chain risk management procedures on an organization-defined frequency.
    Show

  • CCI-005069

    Defines the frequency for reviewing and updating the current supply chain risk management procedures.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules