An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2024
Xylok, LLC
Version: pp-server-fixes-6359-660a
Xylok
Home Menu
info@xylok.io
© 2024
Xylok, LLC
Version: pp-server-fixes-6359-660a
Open sidebar
Navigate
Top
Search
CCIs (
3551
)
Pages (
11/119
)
CCIs
Number
Definition
Status
Related
CCI-000303
The organization employs automated mechanisms to maintain a readily available baseline configuration of the information system.
Draft
CM-2 (2)
CCI-000304
The organization retains organization-defined previous versions of baseline configurations of the information system to support rollback.
Draft
CM-2 (3)
CCI-000305
The organization develops a list of software programs not authorized to execute on the information system.
Draft
CCI-000306
The organization maintains the list of software programs not authorized to execute on the information system.
Draft
CCI-000307
The organization employs an allow-all, deny-by-exception authorization policy to identify software allowed to execute on the information system.
Draft
CCI-000308
The organization develops the list of software programs authorized to execute on the information system.
Draft
CCI-000309
The organization maintains the list of software programs authorized to execute on the information system.
Draft
CCI-000310
The organization employs a deny-all, permit-by-exception authorization policy to identify software allowed to execute on the information system.
Draft
CCI-000311
The organization maintains a baseline configuration for information system development environments that is managed separately from the operational baseline configuration.
Draft
CM-2 (6)
CCI-000312
The organization maintains a baseline configuration for information system test environments that is managed separately from the operational baseline configuration.
Draft
CM-2 (6)
CCI-000313
The organization determines the types of changes to the information system that are configuration controlled.
Draft
CM-3
CCI-000314
The organization approves or disapproves configuration-controlled changes to the information system, with explicit consideration for security impact analysis.
Draft
CM-3
CCI-000315
The organization documents approved configuration-controlled changes to the system.
Draft
CCI-000316
The organization retains records of configuration-controlled changes to the information system for an organization-defined time period.
Draft
CM-3
CCI-000317
The organization reviews records of configuration-controlled changes to the system.
Draft
CCI-000318
The organization audits and reviews activities associated with configuration-controlled changes to the system.
Draft
CM-3
CCI-000319
The organization coordinates and provides oversight for configuration change control activities through an organization-defined configuration change control element (e.g., committee, board) that convenes at the organization-defined frequency and/or for any organization-defined configuration change conditions.
Draft
CM-3
CCI-000320
The organization defines the frequency with which to convene the configuration change control element.
Draft
CM-3
CCI-000321
The organization defines configuration change conditions that prompt the configuration change control element to convene.
Draft
CM-3
CCI-000322
The organization employs automated mechanisms to document proposed changes to the information system.
Draft
CM-3 (1)
CCI-000323
The organization employs automated mechanisms to notify organization-defined approval authorities of proposed changes to the information system and request change approval.
Draft
CM-3 (1)
CCI-000324
The organization employs automated mechanisms to highlight proposed changes to the information system that have not been approved or disapproved by an organization-defined time period.
Draft
CM-3 (1)
CCI-000325
The organization employs automated mechanisms to prohibit changes to the information system until designated approvals are received.
Draft
CM-3 (1)
CCI-000326
The organization employs automated mechanisms to document all changes to the information system.
Draft
CM-3 (1)
CCI-000327
The organization tests changes to the information system before implementing the changes on the operational system.
Draft
CM-3 (2)
CCI-000328
The organization validates changes to the information system before implementing the changes on the operational system.
Draft
CM-3 (2)
CCI-000329
The organization documents changes to the information system before implementing the changes on the operational system.
Draft
CM-3 (2)
CCI-000330
The organization employs automated mechanisms to implement changes to the current information system baseline.
Draft
CM-3 (3)
CCI-000331
The organization deploys the updated information system baseline across the installed base.
Draft
CM-3 (3)
CCI-000332
The organization requires an information security representative to be a member of the organization-defined configuration change control element.
Draft
CM-3 (4)
Prev
1...
7
8
9
10
11
12
13
14
15
...119
Next