Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-005090

    Defines the document which contains supply chain processes and controls.
    Show

  • CCI-005091

    Employ a diverse set of sources for the following system components and services.
    Show

  • CCI-005092

    Defines the system or system components and services which employ a diverse set of sources.
    Show

  • CCI-005093

    Employ the following controls to limit harm from potential adversaries identifying and targeting the organizational supply chain.
    Show

  • CCI-005094

    Defines the controls to be employed to limit harm from potential adversaries identifying and targeting the organizational supply chain.
    Show

  • CCI-005095

    Ensure that the controls included in the contracts of prime contractors are also included in the contracts of subcontractors.
    Show

  • CCI-005096

    Document valid provenance of the following systems, system components, and associated data.
    Show

  • CCI-005097

    Monitor valid provenance of the following systems, system components, and associated data.
    Show

  • CCI-005098

    Maintain valid provenance of the following systems, system components, and associated data.
    Show

  • CCI-005099

    Defines the systems, system components, and associated data for documenting, monitoring, and maintaining valid provenance.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules