Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (106/172)
CCIs

| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-003181 | Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analyses during development. | Draft | SA-11(2) |
| CCI-003182 | Require the developer of the system, system component, or system service to perform threat modeling and vulnerability analysis during subsequent testing and evaluation of the system, component, or service. | Draft | SA-11(2) |
| CCI-003183 | Require an independent agent satisfying organization-defined independence criteria to verify the correct implementation of the developer security assessment plan. | Draft | SA-11(3) |
| CCI-003184 | Require an independent agent satisfying organization-defined independence criteria to verify the evidence produced during security testing and evaluation. | Draft | SA-11(3) |
| CCI-003185 | Defines the independence criteria the independent agent must satisfy prior to verifying the correct implementation of the developer security assessment plan and the evidence produced during security testing and evaluation. | Draft | SA-11(3) |
| CCI-003186 | Verify that the independent agent either is provided with sufficient information to complete the verification process or has been granted the authority to obtain such information. | Draft | SA-11(3) |
| CCI-003187 | Require the developer of the system, system component, or system service to perform a manual code review of organization-defined specific code using organization-defined processes, procedures, and/or techniques. | Draft | SA-11(4) |
| CCI-003188 | Defines the specific code for which the developer of the system, system component, or system service is required to perform a manual code review using organization-defined process, procedures, and/or techniques. | Draft | SA-11(4) |
| CCI-003189 | Defines the processes, procedures, and/or techniques to be used by the developer of the system, system component, or system service to perform a manual code review of organization-defined specific code. | Draft | SA-11(4) |
| CCI-003190 | The organization requires the developer of the information system, system component, or information system service to perform penetration testing at an organization-defined breadth/depth and with organization-defined constraints. | Draft | SA-11(5) |
| CCI-003191 | Defines the breadth and depth at which the developer of the system, system component, or system service is required to perform penetration testing. | Draft | SA-11(5) |
| CCI-003192 | Defines the constraints on penetration testing performed by the developer of the system, system component, or system service. | Draft | SA-11(5) |
| CCI-003193 | Require the developer of the system, system component, or system service to perform attack surface reviews. | Draft | SA-11(6) |
| CCI-003194 | Require the developer of the system, system component, or system service to verify that the scope of testing and evaluation provides complete coverage of required controls at an organization-defined depth of testing and evaluation. | Draft | SA-11(7) |
| CCI-003195 | Defines the depth of testing and evaluation to which the developer of the system, system component, or system service is required to verify that the scope of security testing and evaluation provides complete coverage of the required controls. | Draft | SA-11(7) |
| CCI-003196 | Require the developer of the system, system component, or system service to employ dynamic code analysis tools to identify common flaws. | Draft | SA-11(8) |
| CCI-003197 | Require the developer of the system, system component, or system service to document the results of the dynamic code analysis. | Draft | SA-11(8) |
| CCI-003198 | The organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers. | Draft | SA-12(1) |
| CCI-003199 | The organization defines tailored acquisition strategies, contract tools, and procurement methods to employ for the purchase of the information system, system component, or information system service from suppliers. | Draft | SA-12(1) |
| CCI-003200 | The organization conducts a supplier review prior to entering into a contractual agreement to acquire the information system, system component, or information system service. | Draft | SA-12(2) |
| CCI-003201 | The organization employs organization-defined security safeguards to limit harm from potential adversaries identifying and targeting the organizational supply chain. | Draft | SA-12(5) |
| CCI-003202 | The organization defines security safeguards to employ to limit harm from potential adversaries identifying and targeting the organizational supply chain. | Draft | SA-12(5) |
| CCI-003203 | The organization conducts an assessment of the information system, system component, or information system service prior to selection, acceptance, or update. | Draft | SA-12(7) |
| CCI-003204 | The organization conducts an assessment of the information system, system component, or information system service prior to selection, acceptance, or update. | Deprecated | SA-12(7) |
| CCI-003205 | The organization uses all-source intelligence analysis of suppliers and potential suppliers of the information system, system component, or information system service. | Draft | SA-12(8) |
| CCI-003206 | The organization employs organization-defined Operations Security (OPSEC) safeguards in accordance with classification guides to protect supply chain-related information for the information system, system component, or information system service. | Draft | SA-12(9) |
| CCI-003207 | The organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers. | Deprecated | SA-12(1) |
| CCI-003208 | The organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers. | Deprecated | SA-12(1) |
| CCI-003209 | The organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers. | Deprecated | SA-12(1) |
| CCI-003210 | The organization defines the Operations Security (OPSEC) safeguards to be employed in accordance with classification guides to protect supply chain-related information for the information system, system component, or information system service. | Draft | SA-12(9) |