CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-005070
Review and update the current supply chain risk management procedures following organization-defined events. -
CCI-005071
Defines the events following reviewing and updating the current supply chain risk management procedures. -
CCI-005072
Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integrat... -
CCI-005073
Defines the systems, system components, or system services that a plan for managing supply chain risks are developed. -
CCI-005074
Review and update the supply chain risk management plan on an organization-defined frequency, or as required, to address threat, organizational or ... -
CCI-005075
Defines the frequency for reviewing and updating the supply chain risk management plan. -
CCI-005076
Protect the supply chain risk management plan from unauthorized disclosure and modification. -
CCI-005077
Establish a supply chain risk management team consisting of organization-defined personnel, roles, and responsibilities to lead and support the fol... -
CCI-005078
Defines the supply chain risk management activities that will be led by a supply chain risk management team consisting of organization-defined pers... -
CCI-005079
Defines the personnel, roles, and responsibilities who lead and support organization-defined supply chain risk management activities.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.