CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-005080
Establish a process of processes to identify and address weaknesses or deficiencies in the supply chain elements of organization-defined system or ... -
CCI-005081
Defines the system or system processes which establish a process or processes for identifying and addressing weaknesses or deficiencies in the supp... -
CCI-005082
Defines the supply chain personnel who, in coordination, establish a process or processes for identifying and addressing weaknesses or deficiencies... -
CCI-005083
Establish a process of processes to identify and address weaknesses or deficiencies in the processes of organization-defined system or system compo... -
CCI-005084
Defines the system or system processes which establish a process or processes for identifying and addressing weaknesses or deficiencies in the supp... -
CCI-005085
Defines the supply chain personnel who, in coordination, establish a process or processes for identifying and addressing weaknesses or deficiencies... -
CCI-005086
Employ the following controls to protect against supply chain risks to the system, system component, or system service. -
CCI-005087
Limit the harm or consequences from supply chain-related events. -
CCI-005088
Defines the supply chain controls employed for protecting against supply chain risks to the system, system component, or system service. -
CCI-005089
Document the selected and implemented supply chain processes and controls in security and privacy plans, supply chain risk management plan, or orga...
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.