An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
10/172
)
CCIs
Number
Definition
Status
Related
CCI-000271
Ensure the authorizing official for the system authorizes the system to operate before commencing operations.
Draft
CA-6
CCI-000272
Update the authorization on an organization-defined frequency.
Draft
CA-6
CCI-000273
Defines the frequency with which to update the authorizations.
Draft
CA-6
CCI-000274
Develop a continuous monitoring strategy.
Draft
CA-7
CCI-000275
The organization implements a continuous monitoring program that includes a configuration management process for the information system.
Draft
CCI-000276
The organization implements a continuous monitoring program that includes a configuration management process for the information system constituent components.
Draft
CCI-000277
The organization implements a continuous monitoring program that includes a determination of the security impact of changes to the information system.
Draft
CCI-000278
The organization implements a continuous monitoring program that includes a determination of the security impact of changes to the environment of operation.
Draft
CCI-000279
Implement ongoing control assessments in accordance with the continuous monitoring strategy.
Draft
CA-7
CCI-000280
Implement a continuous monitoring program that includes reporting the security status to organization-defined personnel or roles on an organization-defined frequency.
Draft
CA-7
CCI-000281
Defines the frequency with which to report the security status to organization-defined personnel or roles.
Draft
CA-7
CCI-000282
Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis.
Draft
CA-7(1)
CCI-000283
The organization plans announced or unannounced assessments (in-depth monitoring, malicious user testing, penetration testing, red team exercises, or other organization-defined forms of security assessment), on an organization-defined frequency, to ensure compliance with all vulnerability mitigation procedures.
Draft
CCI-000284
The organization schedules announced or unannounced assessments (in-depth monitoring, malicious user testing, penetration testing, red team exercises, or other organization-defined forms of security assessment), on an organization-defined frequency, to ensure compliance with all vulnerability mitigation procedures.
Draft
CCI-000285
The organization conducts announced or unannounced assessments (in-depth monitoring, malicious user testing, penetration testing, red team exercises, or other organization-defined forms of security assessment), on an organization-defined frequency, to ensure compliance with all vulnerability mitigation procedures.
Draft
CCI-000286
Defines the frequency with which to review and update the configuration management policies.
Draft
CM-1
CCI-000287
Develop and document an organization-level; mission/business process-level; and/or system-level configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Draft
CM-1
CCI-000288
The organization disseminates formal, documented configuration management policy to elements within the organization having associated configuration management roles and responsibilities.
Draft
CCI-000289
Review and update, on an organization-defined frequency, the configuration management policy.
Draft
CM-1
CCI-000290
Develop and document procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level configuration management policy and the associated configuration management controls.
Draft
CM-1
CCI-000291
The organization disseminates formal, documented procedures to facilitate the implementation of the configuration management policy and associated configuration management controls.
Draft
CCI-000292
Review and update, on an organization-defined frequency, the procedures to facilitate the implementation of the organization-level; mission/business process-level; and/or system-level configuration management policy and associated configuration management controls.
Draft
CM-1
CCI-000293
The organization develops a current baseline configuration of the information system.
Draft
CM-2
CCI-000294
The organization documents a baseline configuration of the information system.
Draft
CM-2
CCI-000295
Maintain, under configuration control, a current baseline configuration of the system.
Draft
CM-2
CCI-000296
Review and update the baseline configuration of the system on an organization-defined frequency.
Draft
CM-2(1)
CCI-000297
Review and update the baseline configuration of the system when required due to organization-defined circumstances.
Draft
CM-2(1)
CCI-000298
The organization reviews and updates the baseline configuration of the information system as an integral part of information system component installations.
Draft
CM-2(1)
CCI-000299
The organization reviews and updates the baseline configuration of the information system as an integral part of information system component upgrades.
Draft
CM-2(1)
CCI-000300
Maintain complete configuration of the system using organization-defined automated mechanisms.
Draft
CM-2(2)
Prev
1...
6
7
8
9
10
11
12
13
14
...172
Next