Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (1/172)
CCIs
| Number | Definition | Status | Related |
| --- | --- | --- | --- |
| CCI-000001 | The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | AC-1 |
| CCI-000002 | Disseminate the organization-level; mission/business process-level; and/or system-level access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance to organization-defined personnel or roles. | Draft | AC-1 |
| CCI-000003 | Review and update the current access control policy on an organization-defined frequency. | Draft | AC-1 |
| CCI-000004 | The organization develops procedures to facilitate the implementation of the access control policy and associated access controls. | Draft | AC-1 |
| CCI-000005 | Disseminate procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level access control policy and associated access controls to the organization-defined personnel or roles. | Draft | AC-1 |
| CCI-000006 | Review and update the current access control procedures on an organization-defined frequency. | Draft | AC-1 |
| CCI-000007 | The organization manages information system accounts by identifying account types (i.e., individual, group, system, application, guest/anonymous, and temporary). | Draft | |
| CCI-000008 | The organization establishes conditions for group membership. | Draft | AC-2 |
| CCI-000009 | The organization manages information system accounts by identifying authorized users of the information system and specifying access privileges. | Draft | |
| CCI-000010 | Require approvals by organization-defined personnel or roles for requests to create accounts. | Draft | AC-2 |
| CCI-000011 | Create, enable, modify, disable, and remove system accounts in accordance with organization-defined procedures. | Draft | AC-2 |
| CCI-000012 | Review accounts for compliance with account management requirements per organization-defined frequency. | Draft | AC-2 |
| CCI-000013 | The organization manages information system accounts by notifying account managers when temporary accounts are no longer required and when information system users are terminated, transferred, or information system usage or need-to-know/need-to-share changes. | Draft | |
| CCI-000014 | The organization manages information system accounts by granting access to the system based on a valid access authorization; intended system usage; and other attributes as required by the organization or associated missions/business functions. | Draft | |
| CCI-000015 | Support the management of system accounts using organization-defined automated mechanisms. | Draft | AC-2(1) |
| CCI-000016 | Automatically remove or disable temporary and emergency accounts after an organization-defined time-period for each type of account. | Draft | AC-2(2) |
| CCI-000017 | Disable accounts when the accounts have been inactive for the organization-defined time-period. | Draft | AC-2(3) |
| CCI-000018 | Automatically audit account creation actions. | Draft | AC-2(4) |
| CCI-000019 | Require that users log out in accordance with the organization-defined time-period of expected inactivity or description of when to log out. | Draft | AC-2(5) |
| CCI-000020 | The information system dynamically manages user privileges and associated access authorizations. | Draft | |
| CCI-000021 | Enforce dual authorization for organization-defined privileged commands and/or other organization-defined actions. | Draft | AC-3(2) |
| CCI-000022 | The information system enforces one or more organization-defined nondiscretionary access control policies over an organization-defined set of users and resources. | Draft | |
| CCI-000023 | The organization develops an organization-wide information security program plan that provides sufficient information about the program management controls and common controls (including specification of parameters for any assignment and selection operations either explicitly or by reference) to enable an implementation that is unambiguously compliant with the intent of the plan, and a determination of the risk to be incurred if the plan is implemented as intended. | Draft | |
| CCI-000024 | Prevent access to organization-defined security-relevant information except during secure, non-operable system states. | Draft | AC-3(5) |
| CCI-000025 | The information system enforces information flow control using explicit security attributes on information, source, and destination objects as a basis for flow control decisions. | Draft | |
| CCI-000026 | Use protected processing domains to enforce organization-defined information flow control policies as a basis for flow control decisions. | Draft | AC-4(2) |
| CCI-000027 | Enforce organization-defined information flow control policies. | Draft | AC-4(3) |
| CCI-000028 | Prevent encrypted information from bypassing organization-defined flow control mechanisms by employing organization-defined procedures or methods. | Draft | AC-4(4) |
| CCI-000029 | Enforce organization-defined limitations on embedding data types within other data types. | Draft | AC-4(5) |
| CCI-000030 | Enforce information flow control based on organization-defined metadata. | Draft | AC-4(6) |