An error occurred:
Close sidebar
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Open sidebar
Navigate
Top
Search
CCIs (
3551
)
Pages (
5/119
)
CCIs
Number
Definition
Status
Related
CCI-000121
The organization disseminates formal, documented, procedures to elements within the organization having associated audit and accountability roles and responsibilities.
Draft
CCI-000122
The organization reviews and updates the audit and accountability procedures on an organization-defined frequency.
Draft
AU-1
CCI-000123
The organization determines the information system must be capable of auditing an organization-defined list of auditable events.
Draft
AU-2
CCI-000124
The organization coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events.
Draft
AU-2
CCI-000125
The organization provides a rationale for why the list of auditable events is deemed to be adequate to support after-the-fact investigations of security incidents.
Draft
AU-2
CCI-000126
The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system.
Draft
AU-2
CCI-000127
The organization reviews and updates the list of organization-defined audited events on an organization-defined frequency.
Draft
AU-2 (3)
CCI-000128
The organization includes execution of privileged functions in the list of events to be audited by the information system.
Draft
CCI-000129
The organization defines in the auditable events that the information system must be capable of auditing based on a risk assessment and mission/business needs.
Draft
CCI-000130
The information system generates audit records containing information that establishes what type of event occurred.
Draft
AU-3
CCI-000131
The information system generates audit records containing information that establishes when an event occurred.
Draft
AU-3
CCI-000132
The information system generates audit records containing information that establishes where the event occurred.
Draft
AU-3
CCI-000133
The information system generates audit records containing information that establishes the source of the event.
Draft
AU-3
CCI-000134
The information system generates audit records containing information that establishes the outcome of the event.
Draft
AU-3
CCI-000135
The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.
Draft
AU-3 (1)
CCI-000136
The organization centrally manages the content of audit records generated by organization-defined information system components.
Draft
CCI-000137
The organization allocates audit record storage capacity.
Draft
CCI-000138
The organization configures auditing to reduce the likelihood of storage capacity being exceeded.
Draft
CCI-000139
The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.
Draft
AU-5
CCI-000140
The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).
Draft
AU-5
CCI-000141
The organization ensures that information security resources are available for expenditure as planned.
Draft
PM-3
CCI-000142
The organization implements a process for ensuring that plans of action and milestones for the security program and the associated organizational information systems are maintained.
Draft
PM-4
CCI-000143
The information system provides a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.
Draft
CCI-000144
The information system provides a real-time alert when organization-defined audit failure events occur.
Draft
CCI-000145
The information system enforces configurable network communications traffic volume thresholds reflecting limits on auditing capacity by delaying or rejecting network traffic which exceeds the organization-defined thresholds.
Draft
AU-5 (3)
CCI-000146
The organization defines the percentage of maximum audit record storage capacity that when exceeded, a warning is provided.
Draft
CCI-000147
The organization defines the audit failure events requiring real-time alerts.
Draft
AU-5 (2)
CCI-000148
The organization reviews and analyzes information system audit records on an organization-defined frequency for indications of organization-defined inappropriate or unusual activity.
Draft
AU-6
CCI-000149
The organization reports any findings to organization-defined personnel or roles for indications of organization-defined inappropriate or unusual activity.
Draft
AU-6
CCI-000150
The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk to organizational operations, organizational assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information.
Draft
Prev
1
2
3
4
5
6
7
8
9
...119
Next