An error occurred:
Close sidebar
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Xylok
Home Menu
[email protected]
© 2024
Xylok, LLC
Version: v2024.04.1-c0c9-98fb
Open sidebar
Navigate
Top
Search
CCIs (
3551
)
Pages (
9/119
)
CCIs
Number
Definition
Status
Related
CCI-000243
The organization disseminates to organization-defined personnel or roles procedures to facilitate the implementation of the security assessment and authorization policy and associated security assessment and authorization controls.
Draft
CA-1
CCI-000244
The organization reviews and updates the current security assessment and authorization procedures in accordance with organization-defined frequency.
Draft
CA-1
CCI-000245
The organization develops a security assessment plan for the information system and its environment of operation.
Draft
CA-2
CCI-000246
The organization's security assessment plan describes the security controls and control enhancements under assessment.
Draft
CA-2
CCI-000247
The organization's security assessment plan describes assessment procedures to be used to determine security control effectiveness.
Draft
CA-2
CCI-000248
The organization's security assessment plan describes assessment environment.
Draft
CA-2
CCI-000249
The organizations security assessment plan describes the assessment team.
Draft
CCI-000250
The organization's security assessment plan describes assessment roles and responsibilities.
Draft
CCI-000251
The organization assesses, on an organization-defined frequency, the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements.
Draft
CA-2
CCI-000252
The organization defines the frequency on which the security controls in the information system and its environment of operation are assessed.
Draft
CA-2
CCI-000253
The organization produces a security assessment report that documents the results of the assessment against the information system and its environment of operation.
Draft
CA-2
CCI-000254
The organization provides the results of the security control assessment against the information system and its environment of operation to organization-defined individuals or roles.
Draft
CA-2
CCI-000255
The organization employs assessors or assessment teams with an organization-defined level of independence to conduct security control assessments of organizational information systems.
Draft
CA-2 (1)
CCI-000256
The organization includes, as part of security control assessments announced or unannounced, one or more of the following: in-depth monitoring; vulnerability scanning; malicious user testing; insider threat assessment; performance/load testing; and organization-defined other forms of security assessment on an organization-defined frequency.
Draft
CA-2 (2)
CCI-000257
The organization authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements.
Draft
CA-3
CCI-000258
The organization documents, for each interconnection, the interface characteristics.
Draft
CA-3
CCI-000259
The organization documents, for each interconnection, the security requirements.
Draft
CA-3
CCI-000260
The organization documents, for each interconnection, the nature of the information communicated.
Draft
CA-3
CCI-000261
The organization monitors the information system connections on an ongoing basis to verify enforcement of security requirements.
Draft
CCI-000262
The organization prohibits the direct connection of an organization-defined unclassified, national security system to an external network without the use of an organization-defined boundary protection device.
Draft
CA-3 (1)
CCI-000263
The organization prohibits the direct connection of a classified, national security system to an external network without the use of organization-defined boundary protection device.
Draft
CA-3 (2)
CCI-000264
The organization develops a plan of action and milestones for the information system to document the organization^s planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities in the system.
Draft
CA-5
CCI-000265
The organization defines the frequency with which to update the existing plan of action and milestones for the information system.
Draft
CA-5
CCI-000266
The organization updates, on an organization-defined frequency, the existing plan of action and milestones for the information system based on the findings from security controls assessments, security impact analyses, and continuous monitoring activities.
Draft
CA-5
CCI-000267
The organization employs automated mechanisms to help ensure the plan of action and milestones for the information system is accurate.
Draft
CA-5 (1)
CCI-000268
The organization employs automated mechanisms to help ensure the plan of action and milestones for the information system is up to date.
Draft
CA-5 (1)
CCI-000269
The organization employs automated mechanisms to help ensure the plan of action and milestones for the information system is readily available.
Draft
CA-5 (1)
CCI-000270
The organization assigns a senior-level executive or manager as the authorizing official for the information system.
Draft
CA-6
CCI-000271
The organization ensures the authorizing official authorizes the information system for processing before commencing operations.
Draft
CA-6
CCI-000272
The organization updates the security authorization on an organization-defined frequency.
Draft
CA-6
Prev
1...
5
6
7
8
9
10
11
12
13
...119
Next