An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2024
Xylok, LLC
Version: pp-server-fixes-6359-660a
Xylok
Home Menu
info@xylok.io
© 2024
Xylok, LLC
Version: pp-server-fixes-6359-660a
Open sidebar
Navigate
Top
Search
CCIs (
3551
)
Pages (
12/119
)
CCIs
Number
Definition
Status
Related
CCI-000333
The organization analyzes changes to the information system to determine potential security impacts prior to change implementation.
Draft
CM-4
CCI-000334
The organization analyzes new software in a separate test environment before installation in an operational environment.
Draft
CCI-000335
The organization, after the information system is changed, checks the security functions to verify the functions are implemented correctly.
Draft
CM-4 (2)
CCI-000336
The organization, after the information system is changed, checks the security functions to verify the functions are operating as intended.
Draft
CM-4 (2)
CCI-000337
The organization, after the information system is changed, checks the security functions to verify the functions are producing the desired outcome with regard to meeting the security requirements for the system.
Draft
CM-4 (2)
CCI-000338
The organization defines physical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000339
The organization documents physical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000340
The organization approves physical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000341
The organization enforces physical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000342
The organization defines logical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000343
The organization documents logical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000344
The organization approves logical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000345
The organization enforces logical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000346
The organization employs automated mechanisms to enforce access restrictions.
Draft
CCI-000347
The organization employs automated mechanisms to support auditing of the enforcement actions.
Draft
CCI-000348
The organization defines a frequency with which to conduct reviews of information system changes.
Draft
CM-5 (2)
CCI-000349
The organization reviews information system changes per organization-defined frequency to determine whether unauthorized changes have occurred.
Draft
CM-5 (2)
CCI-000350
The organization reviews information system changes upon organization-defined circumstances to determine whether unauthorized changes have occurred.
Draft
CM-5 (2)
CCI-000351
The organization defines critical software programs that the information system will prevent from being installed if such software programs are not signed with a recognized and approved certificate.
Draft
CCI-000352
The information system prevents the installation of organization-defined critical software programs that are not signed with a certificate that is recognized and approved by the organization.
Draft
CCI-000353
The organization defines information system components requiring enforcement of a dual authorization for information system changes.
Draft
CM-5 (4)
CCI-000354
The organization enforces dual authorization for changes to organization-defined information system components.
Draft
CM-5 (4)
CCI-000355
The organization limits information system developer/integrator privileges to change hardware components directly within a production environment.
Draft
CCI-000356
The organization limits information system developer/integrator privileges to change software components directly within a production environment.
Draft
CCI-000357
The organization limits information system developer/integrator privileges to change firmware components directly within a production environment.
Draft
CCI-000358
The organization limits information system developer/integrator privileges to change system information directly within a production environment.
Draft
CCI-000359
The organization defines the frequency to review information system developer/integrator privileges.
Draft
CCI-000360
The organization defines the frequency to reevaluate information system developer/integrator privileges.
Draft
CCI-000361
The organization reviews information system developer/integrator privileges per organization-defined frequency.
Draft
CCI-000362
The organization reevaluates information system developer/integrator privileges per organization-defined frequency.
Draft
Prev
1...
8
9
10
11
12
13
14
15
16
...119
Next