An error occurred:
Close sidebar
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Open sidebar
Navigate
Top
Search
CCIs (
3551
)
Pages (
3/119
)
CCIs
Number
Definition
Status
Related
CCI-000061
The organization identifies and defines organization-defined user actions that can be performed on the information system without identification or authentication consistent with organizational missions/business functions.
Draft
AC-14
CCI-000062
The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission/business objectives.
Draft
CCI-000063
The organization defines allowed methods of remote access to the information system.
Draft
AC-17
CCI-000064
The organization establishes usage restrictions and implementation guidance for each allowed remote access method.
Draft
CCI-000065
The organization authorizes remote access to the information system prior to allowing such connections.
Draft
AC-17
CCI-000066
The organization enforces requirements for remote connections to the information system.
Draft
CCI-000067
The information system monitors remote access methods.
Draft
AC-17 (1)
CCI-000068
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.
Draft
AC-17 (2)
CCI-000069
The information system routes all remote accesses through an organization-defined number of managed network access control points.
Draft
AC-17 (3)
CCI-000070
The organization authorizes the execution of privileged commands via remote access only for organization-defined needs.
Draft
AC-17 (4)
CCI-000071
The organization monitors for unauthorized remote connections to the information system on an organization-defined frequency.
Draft
CCI-000072
The organization ensures that users protect information about remote access mechanisms from unauthorized use and disclosure.
Draft
AC-17 (6)
CCI-000073
The organization develops an organization-wide information security program plan that provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements.
Draft
PM-1
CCI-000074
The organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation.
Draft
PM-1
CCI-000075
The organization reviews the organization-wide information security program plan on an organization-defined frequency.
Draft
PM-1
CCI-000076
The organization defines the frequency with which to review the organization-wide information security program plan.
Draft
PM-1
CCI-000077
The organization updates the plan to address organizational changes and problems identified during plan implementation or security control assessments.
Draft
PM-1
CCI-000078
The organization appoints a senior information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.
Draft
PM-2
CCI-000079
The organization ensures that remote sessions for accessing an organization-defined list of security functions and security-relevant information employ organization-defined additional security measures.
Draft
CCI-000080
The organization ensures that all capital planning and investment requests include the resources needed to implement the information security program and documents all exceptions to this requirement.
Draft
PM-3
CCI-000081
The organization employs a business case/Exhibit 300/Exhibit 53 to record the resources required.
Draft
PM-3
CCI-000082
The organization establishes usage restrictions for organization-controlled mobile devices.
Draft
AC-19
CCI-000083
The organization establishes implementation guidance for organization-controlled mobile devices.
Draft
AC-19
CCI-000084
The organization authorizes connection of mobile devices to organizational information systems.
Draft
AC-19
CCI-000085
The organization monitors for unauthorized connections of mobile devices to organizational information systems.
Draft
CCI-000086
The organization enforces requirements for the connection of mobile devices to organizational information systems.
Draft
CCI-000087
The organization disables information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.
Draft
CCI-000088
The organization issues specially configured mobile devices to individuals traveling to locations that the organization deems to be of significant risk in accordance with organizational policies and procedures.
Draft
CCI-000089
The organization applies organization-defined inspection and preventative measures to mobile devices returning from locations that the organization deems to be of significant risk in accordance with organizational policies and procedures.
Draft
CCI-000090
The organization restricts the use of writable, removable media in organizational information systems.
Draft
Prev
1
2
3
4
5
6
7
...119
Next