Xylok
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
CCIs (3551)
Pages (1/119)
CCIs
| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-000001 | The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | AC-1 |
| CCI-000002 | The organization disseminates the access control policy to organization-defined personnel or roles. | Draft | AC-1 |
| CCI-000003 | The organization reviews and updates the access control policy in accordance with organization-defined frequency. | Draft | AC-1 |
| CCI-000004 | The organization develops procedures to facilitate the implementation of the access control policy and associated access controls. | Draft | AC-1 |
| CCI-000005 | The organization disseminates the procedures to facilitate access control policy and associated access controls to the organization-defined personnel or roles. | Draft | AC-1 |
| CCI-000006 | The organization reviews and updates the access control procedures in accordance with organization-defined frequency. | Draft | AC-1 |
| CCI-000007 | The organization manages information system accounts by identifying account types (i.e., individual, group, system, application, guest/anonymous, and temporary). | Draft | |
| CCI-000008 | The organization establishes conditions for group membership. | Draft | AC-2 |
| CCI-000009 | The organization manages information system accounts by identifying authorized users of the information system and specifying access privileges. | Draft | |
| CCI-000010 | The organization requires approvals by organization-defined personnel or roles for requests to create information system accounts. | Draft | AC-2 |
| CCI-000011 | The organization creates, enables, modifies, disables, and removes information system accounts in accordance with organization-defined procedures or conditions. | Draft | AC-2 |
| CCI-000012 | The organization reviews information system accounts for compliance with account management requirements per organization-defined frequency. | Draft | AC-2 |
| CCI-000013 | The organization manages information system accounts by notifying account managers when temporary accounts are no longer required and when information system users are terminated, transferred, or information system usage or need-to-know/need-to-share changes. | Draft | |
| CCI-000014 | The organization manages information system accounts by granting access to the system based on a valid access authorization; intended system usage; and other attributes as required by the organization or associated missions/business functions. | Draft | |
| CCI-000015 | The organization employs automated mechanisms to support the information system account management functions. | Draft | AC-2 (1) |
| CCI-000016 | The information system automatically removes or disables temporary accounts after an organization-defined time period for each type of account. | Draft | AC-2 (2) |
| CCI-000017 | The information system automatically disables inactive accounts after an organization-defined time period. | Draft | AC-2 (3) |
| CCI-000018 | The information system automatically audits account creation actions. | Draft | AC-2 (4) |
| CCI-000019 | The organization requires that users log out in accordance with the organization-defined time period of inactivity or description of when to log out. | Draft | AC-2 (5) |
| CCI-000020 | The information system dynamically manages user privileges and associated access authorizations. | Draft | |
| CCI-000021 | The information system enforces dual authorization for organization-defined privileged commands and/or other organization-defined actions. | Draft | AC-3 (2) |
| CCI-000022 | The information system enforces one or more organization-defined nondiscretionary access control policies over an organization-defined set of users and resources. | Draft | |
| CCI-000023 | The organization develops an organization-wide information security program plan that provides sufficient information about the program management controls and common controls (including specification of parameters for any assignment and selection operations either explicitly or by reference) to enable an implementation that is unambiguously compliant with the intent of the plan, and a determination of the risk to be incurred if the plan is implemented as intended. | Draft | |
| CCI-000024 | The information system prevents access to organization-defined security-relevant information except during secure, non-operable system states. | Draft | AC-3 (5) |
| CCI-000025 | The information system enforces information flow control using explicit security attributes on information, source, and destination objects as a basis for flow control decisions. | Draft | |
| CCI-000026 | The information system uses protected processing domains to enforce organization-defined information flow control policies as a basis for flow control decisions. | Draft | AC-4 (2) |
| CCI-000027 | The information system enforces dynamic information flow control based on organization-defined policies. | Draft | AC-4 (3) |
| CCI-000028 | The information system prevents encrypted information from bypassing content-checking mechanisms by employing organization-defined procedures or methods. | Draft | AC-4 (4) |
| CCI-000029 | The information system enforces organization-defined limitations on the embedding of data types within other data types. | Draft | AC-4 (5) |
| CCI-000030 | The information system enforces information flow control based on organization-defined metadata. | Draft | AC-4 (6) |