CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks. CCI also provides a means to objectively roll up and compare related compliance assessment results across disparate technologies.

CCI-000071
The organization monitors for unauthorized remote connections to the information system on an organization-defined frequency.

CCI-000072
Protect information about remote access mechanisms from unauthorized use and disclosure.

CCI-000073
Develop an organization-wide information security program plan that provides an overview of the requirements for the security program and a descrip...

CCI-000074
Develop an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the...

CCI-000075
Review and update the organization-wide information security program plan on an organization-defined frequency.

CCI-000076
Defines the frequency with which to review and update the organization-wide information security program plan.

CCI-000077
The organization updates the plan to address organizational changes and problems identified during plan implementation or security control assessme...

CCI-000078
Appoint a Senior Information Security Officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide i...

CCI-000079
The organization ensures that remote sessions for accessing an organization-defined list of security functions and security-relevant information em...

CCI-000080
Include the resources needed to implement the information security programs in capital planning and investment requests and document all exceptions...