Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-005110

    Conduct organization-defined analysis to ensure the integrity of the system and system components by validating the internal composition and proven...
    Show

  • CCI-005111

    Defines the analysis for ensuring the integrity of the system and system components.
    Show

  • CCI-005112

    Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks.
    Show

  • CCI-005113

    Defines the acquisition strategies, contract tools, and procurement methods for protecting against, identifying, and mitigating supply chain risks.
    Show

  • CCI-005114

    Employ the following controls to ensure an adequate supply of organization-defined critical system components.
    Show

  • CCI-005115

    Defines the controls for ensuring an adequate supply of organization-defined critical system components.
    Show

  • CCI-005116

    Defines the critical system components that the organization-defined controls ensure an adequate supply of.
    Show

  • CCI-005117

    Access the system, system component, or system service prior to selection, acceptance, modification, or update.
    Show

  • CCI-005118

    Access and review the supply chain-related risks associated with suppliers or contractors and the system, system component, or system service they ...
    Show

  • CCI-005119

    Defines the frequency for assessing and reviewing the supply chain risks.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules