CCI: Control Correlation Identifier
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
-
CCI-000081
The organization employs a business case/Exhibit 300/Exhibit 53 to record the resources required. -
CCI-000082
The organization establishes usage restrictions for organization-controlled mobile devices. -
CCI-000083
Establish implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas. -
CCI-000084
Authorize connection of mobile devices to organizational systems. -
CCI-000085
The organization monitors for unauthorized connections of mobile devices to organizational information systems. -
CCI-000086
The organization enforces requirements for the connection of mobile devices to organizational information systems. -
CCI-000087
The organization disables information system functionality that provides the capability for automatic execution of code on mobile devices without u... -
CCI-000088
The organization issues specially configured mobile devices to individuals traveling to locations that the organization deems to be of significant ... -
CCI-000089
The organization applies organization-defined inspection and preventative measures to mobile devices returning from locations that the organization... -
CCI-000090
The organization restricts the use of writable, removable media in organizational information systems.
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.