An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
103/172
)
CCIs
Number
Definition
Status
Related
CCI-003091
Determine the high-level information security requirements for the system or system service in mission and business process planning.
Draft
SA-2
CCI-003092
Defines a system development life cycle that is used to manage the system.
Draft
SA-3
CCI-003093
Integrate the organizational information security risk management process into system development life cycle activities.
Draft
SA-3
CCI-003094
Include the security functional requirements, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the system, system component, or system service.
Draft
SA-4
CCI-003095
Include the strength of mechanism requirements, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
Draft
SA-4
CCI-003096
Include the security assurance requirements, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
Draft
SA-4
CCI-003097
Include the security documentation requirements, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
Draft
SA-4
CCI-003098
Include the requirements for protecting security documentation, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
Draft
SA-4
CCI-003099
Include the description of the system development environment and environment in which the system is intended to operate, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
Draft
SA-4
CCI-003100
Include the acceptance criteria, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
Draft
SA-4
CCI-003101
Require the developer of the system, system component, or system service to provide design information for the controls that includes security-relevant external system interfaces, high-level design, low-level design, source code, hardware schematics, and/or organization-defined design information at an organization-defined level of detail.
Draft
SA-4(2)
CCI-003102
Require the developer of the system, system component, or system service to provide implementation information for the controls that includes security-relevant external system interfaces, high-level design, low-level design, source code, hardware schematics, and/or organization-defined implementation information at an organization-defined level of detail.
Draft
SA-4(2)
CCI-003103
Defines the design information that the developer of the system, system component, or system service is required to provide for the controls to be designed.
Draft
SA-4(2)
CCI-003104
Defines the implementation information that the developer of the system, system component, or system service is required to provide for the security controls to be implemented.
Draft
SA-4(2)
CCI-003105
Defines the level of detail for the design information of the controls that is required to be provided by the developer of the information system, system component, or information system services.
Draft
SA-4(2)
CCI-003106
Defines the level of detail for the implementation information of the security controls that is required to be provided by the developer of the information system, system component, or information system services.
Draft
SA-4(2)
CCI-003107
The organization requires the developer of the information system, system component, or information system service to demonstrate the use of a system development life cycle that includes organization-defined state-of-the-practice system/security engineering methods, software development methods, testing/evaluation/validation techniques, and quality control processes.
Draft
SA-4(3)
CCI-003108
The organization defines the state-of-the-practice system/security engineering methods, software development methods, testing/evaluation/validation techniques, and quality control processes that the developer of the information system, system component, or information system service is required to include when demonstrating the use of a system development life cycle.
Draft
SA-4(3)
CCI-003109
Require the developer of the system, system component, or system service to deliver the system, component, or service with organization-defined security configurations implemented.
Draft
SA-4(5)
CCI-003110
Defines the security configurations required to be implemented when the developer delivers the system, system component, or system service.
Draft
SA-4(5)
CCI-003111
Requires the developer of the system, system component, or system service to use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.
Draft
SA-4(5)
CCI-003112
Require the developer of the system, system component, or system service to produce a plan for the continuous monitoring of control effectiveness that is consistent with the continuous monitoring program of the organization.
Draft
SA-4(8)
CCI-003113
The organization defines the level of detail to be contained in the plan for the continuous monitoring of security control effectiveness that the developer of the information system, system component, or information system services is required to produce.
Draft
SA-4(8)
CCI-003114
Require the developer of the system, system component, or system service to identify the functions, ports, protocols, and services intended for organizational use.
Draft
SA-4(9)
CCI-003115
The organization requires the developer of the information system, system component, or information system service to identify early in the system development life cycle, the functions, ports, protocols, and services intended for organizational use.
Deprecated
SA-4(9)
CCI-003116
Employ only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational systems.
Draft
SA-4(10)
CCI-003117
Centrally manage organization-defined controls and related processes.
Draft
PL-9
CCI-003118
Defines the controls and related processes to be centrally managed.
Draft
PL-9
CCI-003119
Employ a technical surveillance countermeasures survey at organization-defined locations on an organization-defined frequency or when organization-defined events or indicators occur.
Draft
RA-6
CCI-003120
Defines the locations where technical surveillance countermeasures surveys are to be employed.
Draft
RA-6
Prev
1...
99
100
101
102
103
104
105
106
107
...172
Next