Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-000051

    The organization approves the information system use notification message before its use.
    Show

  • CCI-000052

    Notify the user, upon successful logon (access) to the system, of the date and time of the last logon (access).
    Show

  • CCI-000053

    Notify the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access.
    Show

  • CCI-000054

    Limit the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number.
    Show

  • CCI-000055

    Defines the maximum number of concurrent sessions to be allowed for each organization-defined account and/or account type.
    Show

  • CCI-000056

    Retain the device lock until the user reestablishes access using established identification and authentication procedures.
    Show

  • CCI-000057

    The information system initiates a session lock after the organization-defined time period of inactivity.
    Show

  • CCI-000058

    The information system provides the capability for users to directly initiate session lock mechanisms.
    Show

  • CCI-000059

    Defines the time-period of inactivity after which the system initiates a device lock.
    Show

  • CCI-000060

    Conceal, via the device lock, information previously visible on the display with a publicly viewable image.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules