An error occurred:
Close sidebar
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Open sidebar
Navigate
Top
Search
CCIs (
3551
)
Pages (
8/119
)
CCIs
Number
Definition
Status
Related
CCI-000211
The organization reports on the results of information security measures of performance.
Draft
PM-6
CCI-000212
The organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.
Draft
PM-7
CCI-000213
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Draft
AC-3
CCI-000214
The organization establishes a Discretionary Access Control (DAC) policy that limits propagation of access rights.
Draft
CCI-000215
The organization establishes a Discretionary Access Control (DAC) policy that includes or excludes access to the granularity of a single user.
Draft
CCI-000216
The organization develops and documents a critical infrastructure and key resource protection plan that addresses information security issues.
Draft
PM-8
CCI-000217
The organization defines a time period after which inactive accounts are automatically disabled.
Draft
AC-2 (3)
CCI-000218
The information system, when transferring information between different security domains, identifies information flows by data type specification and usage.
Draft
CCI-000219
The information system, when transferring information between different security domains, decomposes information into organization-defined policy-relevant subcomponents for submission to policy enforcement mechanisms.
Draft
AC-4 (13)
CCI-000221
The information system enforces security policies regarding information on interconnected systems.
Draft
CCI-000223
The information system binds security attributes to information to facilitate information flow policy enforcement.
Draft
CCI-000224
The information system tracks problems associated with the security attribute binding.
Draft
CCI-000225
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
Draft
AC-6
CCI-000226
The information system provides the capability for a privileged administrator to configure organization-defined security policy filters to support different security policies.
Draft
CCI-000227
The organization develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems.
Draft
PM-9
CCI-000228
The organization implements a comprehensive strategy to manage risk to organization operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems consistently across the organization.
Draft
PM-9
CCI-000229
The organization documents the security state of organizational information systems and the environments in which those systems operate through security authorization processes.
Draft
PM-10
CCI-000230
The organization tracks the security state of organizational information systems and the environments in which those systems operate through security authorization processes.
Draft
PM-10
CCI-000231
The organization reports the security state of organizational information systems and the environments in which those systems operate through security authorization processes.
Draft
PM-10
CCI-000232
The organization documents and provides supporting rationale in the security plan for the information system, user actions not requiring identification and authentication.
Draft
AC-14
CCI-000233
The organization designates individuals to fulfill specific roles and responsibilities within the organizational risk management process.
Draft
PM-10
CCI-000234
The organization fully integrates the security authorization processes into an organization-wide risk management program.
Draft
PM-10
CCI-000235
The organization defines mission/business processes with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.
Draft
PM-11
CCI-000236
The organization determines information protection needs arising from the defined mission/business processes and revises the processes as necessary, until an achievable set of protection needs are obtained.
Draft
PM-11
CCI-000237
The organization manages information system accounts by specifically authorizing and monitoring the use of guest/anonymous accounts and temporary accounts.
Draft
CCI-000238
The organization defines the frequency to review and update the current security assessment and authorization policy.
Draft
CA-1
CCI-000239
The organization develops and documents a security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Draft
CA-1
CCI-000240
The organization disseminates to organization-defined personnel or roles a security assessment and authorization policy.
Draft
CA-1
CCI-000241
The organization reviews and updates the current security assessment and authorization policy in accordance with organization-defined frequency.
Draft
CA-1
CCI-000242
The organization develops and documents procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls.
Draft
CA-1
Prev
1...
4
5
6
7
8
9
10
11
12
...119
Next