Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-005140

    Maintain configuration control over serviced or repaired components awaiting return to service.
    Show

  • CCI-005141

    Defines the system components awaiting service or repair.
    Show

  • CCI-005142

    Scan for counterfeit system components on an organization-defined frequency.
    Show

  • CCI-005143

    Defines the frequency for which the counterfeit system components are scanned.
    Show

  • CCI-005144

    Dispose of organization-defined data, documentation, tools, or system components using the following techniques and methods.
    Show

  • CCI-005145

    Defines the data, documentation, tools, or system components which are to be disposed of using organization-defined techniques and methods.
    Show

  • CCI-005146

    Defines the techniques or methods used to dispose of organization-defined data, documentation, tools, or system components.
    Show

  • CCI-005147

    Provide basic privacy literacy training to system users (including managers, senior executives, and contractors) as part of initial training for ne...
    Show

  • CCI-005149

    Implement organization-defined measures to disassociate individuals from audit information transmitted across organizational boundaries.
    Show

  • CCI-005150

    Identify, prioritize, and assess suppliers of critical or mission-essential technologies, products, and services.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules