Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
CCIs
| Number | Definition | Status | Related |
| --- | --- | --- | --- |
| CCI-000091 | The organization prohibits the use of personally-owned, removable media in organizational information systems. | Draft | |
| CCI-000092 | The organization prohibits the use of removable media in organizational information systems when the media has no identifiable owner. | Draft | |
| CCI-000093 | The organization establishes terms and conditions, consistent with any trust relationships established with other organizations owning, operating, and/or maintaining external information systems, allowing authorized individuals to access the information system from the external information systems. | Draft | AC-20 |
| CCI-000094 | The organization establishes terms and conditions, consistent with any trust relationships established with other organizations owning, operating, and/or maintaining external information systems, allowing authorized individuals to process organization-controlled information using the external information systems. | Draft | |
| CCI-000095 | The organization prohibits authorized individuals from using an external information system to access the information system except in situations where the organization can verify the implementation of required security controls on the external system as specified in the organization's information security policy and security plan. | Draft | |
| CCI-000096 | The organization prohibits authorized individuals from using an external information system to access the information system or to process, store, or transmit organization-controlled information except in situations where the organization has approved information system connection or processing agreements with the organizational entity hosting the external information system. | Draft | |
| CCI-000097 | The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems. | Draft | AC-20 (2) |
| CCI-000098 | The organization facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for organization-defined information circumstances where user discretion is required. | Draft | AC-21 |
| CCI-000099 | The information system enforces information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared. | Draft | AC-21 (1) |
| CCI-000100 | The organization develops and documents a security awareness and training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | AT-1 |
| CCI-000101 | The organization disseminates a security awareness and training policy to organization-defined personnel or roles. | Draft | AT-1 |
| CCI-000102 | The organization reviews and updates the current security awareness and training policy in accordance with organization-defined frequency. | Draft | AT-1 |
| CCI-000103 | The organization develops and documents procedures to facilitate the implementation of the security awareness and training policy and associated security awareness and training controls. | Draft | AT-1 |
| CCI-000104 | The organization disseminates security awareness and training procedures to organization-defined personnel or roles. | Draft | AT-1 |
| CCI-000105 | The organization reviews and updates the current security awareness and training procedures in accordance with an organization-defined frequency. | Draft | AT-1 |
| CCI-000106 | The organization provides basic security awareness training to information system users (including managers, senior executives, and contractors) as part of initial training for new users. | Draft | AT-2 |
| CCI-000107 | The organization includes practical exercises in security awareness training that simulate actual cyber attacks. | Draft | AT-2 (1) |
| CCI-000108 | The organization provides role-based security training to personnel with assigned security roles and responsibilities before authorizing access to the information system or performing assigned duties. | Draft | AT-3 |
| CCI-000109 | The organization provides role-based security training to personnel with assigned security roles and responsibilities when required by information system changes. | Draft | AT-3 |
| CCI-000110 | The organization provides refresher role-based security training to personnel with assigned security roles and responsibilities in accordance with organization-defined frequency. | Draft | AT-3 |
| CCI-000111 | The organization defines a frequency for providing refresher role-based security training. | Draft | AT-3 |
| CCI-000112 | The organization provides basic security awareness training to information system users (including managers, senior executives, and contractors) when required by information system changes. | Draft | AT-2 |
| CCI-000113 | The organization documents individual information system security training activities, including basic security awareness training and specific information system security training. | Draft | AT-4 |
| CCI-000114 | The organization monitors individual information system security training activities, including basic security awareness training and specific information system security training. | Draft | AT-4 |
| CCI-000115 | The organization establishes contact with selected groups and associations within the security community to facilitate ongoing security education and training; to stay up to date with the latest recommended security practices, techniques, and technologies; and to share current security-related information including threats, vulnerabilities, and incidents. | Draft | |
| CCI-000116 | The organization institutionalizes contact with selected groups and associations within the security community to facilitate ongoing security education and training; to stay up to date with the latest recommended security practices, techniques, and technologies; and to share current security-related information including threats, vulnerabilities, and incidents. | Draft | |
| CCI-000117 | The organization develops and documents an audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | AU-1 |
| CCI-000118 | The organization disseminates a formal, documented, audit and accountability policy to elements within the organization having associated audit and accountability roles and responsibilities. | Draft | |
| CCI-000119 | The organization reviews and updates the audit and accountability policy on an organization-defined frequency. | Draft | AU-1 |
| CCI-000120 | The organization develops and documents procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls. | Draft | AU-1 |