Skip to content
ATO Pathways
  Log In

CCI: Control Correlation Identifier

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

Scheme
public.cyber.mil /stigs/cci/
Published by
DoD Cyber Exchange (sponsored by DISA: Defense Information Systems Agency)

  • CCI-000061

    Identify organization-defined user actions that can be performed on the system without identification or authentication consistent with organizatio...
    Show

  • CCI-000062

    The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission/busin...
    Show

  • CCI-000063

    The organization defines allowed methods of remote access to the information system.
    Show

  • CCI-000064

    The organization establishes usage restrictions and implementation guidance for each allowed remote access method.
    Show

  • CCI-000065

    Authorize remote access to the system prior to allowing such connections.
    Show

  • CCI-000066

    The organization enforces requirements for remote connections to the information system.
    Show

  • CCI-000067

    Employ automated mechanisms to monitor remote access methods.
    Show

  • CCI-000068

    Implement cryptographic mechanisms to protect the confidentiality of remote access sessions.
    Show

  • CCI-000069

    Route all remote accesses through authorized and managed network access control points.
    Show

  • CCI-000070

    Authorize the execution of privileged commands via remote access only in a format that provides assessable evidence for organization-defined needs.
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules