CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-005120
Employ organizational analysis, independent third-party analysis, organizational testing, and/or independent third-party testing of the following s... -
CCI-005121
Defines the supply chain elements, processes, and actors for employing organizational analysis, independent third-party analysis, organizational te... -
CCI-005122
Employ the following Operations Security (OPSEC) controls to protect supply chain-related information for the system, system component, or system s... -
CCI-005123
Defines the Operations Security (OPSEC) controls that protect supply chain-related information for the system, system component, or system service. -
CCI-005124
Establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the notifica... -
CCI-005125
Defines the information for establishing agreements and procedures with entities involved in the supply chain for the system, system component, or ... -
CCI-005126
Implement a tamper protection program for the system, system component, or system service. -
CCI-005127
Employ anti-tamper technologies, tool, and techniques throughout the system development life cycle. -
CCI-005128
Inspect the following systems or system components at random, at organization-defined frequency, and/or upon organization-defined indications of ne... -
CCI-005129
Defines the frequency for inspecting systems or system components.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.