An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
105/172
)
CCIs
Number
Definition
Status
Related
CCI-003151
Defines external service providers whose interests are consistent with and reflect organizational interests.
Draft
SA-9(4)
CCI-003152
Restrict the location of information processing, information or data, and/or system services to organization-defined locations based on organization-defined requirements or conditions.
Draft
SA-9(5)
CCI-003153
Defines the locations for which to restrict information processing, information or data, and/or system services based on organization-defined requirements or conditions.
Draft
SA-9(5)
CCI-003154
Defines the requirements or conditions on which to base restricting the location of information processing, information or data, and/or system services to organization-defined locations.
Draft
SA-9(5)
CCI-003155
Require the developer of the system, system component, or system service to perform configuration management during system, component, or service design, development, implementation, operation and/or disposal.
Draft
SA-10
CCI-003156
Require the developer of the system, system component, or system service to document the integrity of changes to organization-defined configuration items under configuration management.
Draft
SA-10
CCI-003157
Require the developer of the system, system component, or system service to manage the integrity of changes to organization-defined configuration items under configuration management.
Draft
SA-10
CCI-003158
Require the developer of the system, system component, or system service to control the integrity of changes to organization-defined configuration items under configuration management.
Draft
SA-10
CCI-003159
Defines the configuration items under configuration management that require the integrity of changes to be documented, managed and controlled.
Draft
SA-10
CCI-003160
Require the developer of the system, system component, or system service to document the potential security impacts of approved changes to the system, component, or service.
Draft
SA-10
CCI-003161
Require the developer of the system, system component, or system service to track security flaws within the system, component, or service.
Draft
SA-10
CCI-003162
Require the developer of the system, system component, or system service to track flaw resolution within the system, component, or service.
Draft
SA-10
CCI-003163
Require the developer of the system, system component, or system service to report findings of security flaws and flaw resolution within the system, component, or service to organization-defined personnel.
Draft
SA-10
CCI-003164
Defines the personnel to whom security flaw findings and flaw resolution within the system, component, or service are reported.
Draft
SA-10
CCI-003165
Require the developer of the system, system component, or system service to enable integrity verification of hardware components.
Draft
SA-10(3)
CCI-003166
Require the developer of the system, system component, or system service to employ tools for comparing newly generated versions of security-relevant hardware descriptions with previous versions.
Draft
SA-10(4)
CCI-003167
Require the developer of the system, system component, or system service to employ tools for comparing newly generated versions of source code with previous versions.
Draft
SA-10(4)
CCI-003168
Require the developer of the system, system component, or system service to employ tools for comparing newly generated versions of object code with previous versions.
Draft
SA-10(4)
CCI-003169
Require the developer of the system, system component, or system service to maintain the integrity of the mapping between the master build data describing the current version of security-relevant hardware, software, and firmware and the on-site master copy of the data for the current version.
Draft
SA-10(5)
CCI-003170
Require the developer of the system, system component, or system service to execute procedures for ensuring that security-relevant hardware, software, and firmware updates distributed to the organization are exactly as specified by the master copies.
Draft
SA-10(6)
CCI-003171
Require the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to develop a plan for ongoing security control assessment.
Draft
SA-11
CCI-003172
Require the developer of the system, system component, or system service to implement a plan for ongoing security control assessment.
Draft
SA-11
CCI-003173
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to perform unit, integration, system, and/or regression testing/evaluation on an organization-defined frequency, at an organization-defined depth and coverage.
Draft
SA-11
CCI-003174
Defines the depth and coverage at which to perform unit, integration, system, and/or regression testing/evaluation on an organization-defined frequency.
Draft
SA-11
CCI-003175
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to produce evidence of the execution of the assessment plan.
Draft
SA-11
CCI-003176
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to produce the results of the testing and evaluation.
Draft
SA-11
CCI-003177
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to implement a verifiable flaw remediation process.
Draft
SA-11
CCI-003178
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to correct flaws identified during testing/evaluation.
Draft
SA-11
CCI-003179
Require the developer of the system, system component, or system service to employ static code analysis tools to identify common flaws.
Draft
SA-11(1)
CCI-003180
Require the developer of the system, system component, or system service to document the results of static code analysis.
Draft
SA-11(1)
Prev
1...
101
102
103
104
105
106
107
108
109
...172
Next