Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-005100

    Establish and maintain unique identification of the following supply chain elements, processes, and personnel associated with the identified system...
    Show

  • CCI-005101

    Defines the supply chain elements, processes, and personnel associated with organization-defined systems and critical system components for establi...
    Show

  • CCI-005102

    Establish and maintain unique identification of the following systems and critical components for tracking through the supply chain.
    Show

  • CCI-005103

    Defines the systems and critical system components for tracking through the supply chain.
    Show

  • CCI-005104

    Employ the following controls to validate that the system or system component received is genuine.
    Show

  • CCI-005105

    Employ the following controls to validate that the system or system component received has not been altered.
    Show

  • CCI-005106

    Defines the controls for validating that the system or system component received is genuine.
    Show

  • CCI-005107

    Defines the controls for validating that the system or system component received has not been altered.
    Show

  • CCI-005108

    Employ organization-defined controls to ensure the integrity of the system and system components by validating the internal composition and provena...
    Show

  • CCI-005109

    Defines the controls for ensuring the integrity of the system and system components.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules