Xylok
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (109/172)
CCIs
| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-003271 | The organization defines the acceptance criteria that must be met when vulnerability analysis of the information system is performed by the developer. | Draft | SA-15(4) |
| CCI-003272 | Require the developer of the system, system component, or system service to reduce attack surfaces to organization-defined thresholds. | Draft | SA-15(5) |
| CCI-003273 | Defines the thresholds to which the developer of the system, system component, or system service is required to reduce attack surfaces. | Draft | SA-15(5) |
| CCI-003274 | Require the developer of the system, system component, or system service to implement an explicit process to continuously improve the development process. | Draft | SA-15(6) |
| CCI-003275 | Require the developer of the system, system component, or system services, on an organization-defined frequency, to perform an automated vulnerability analysis using organization-defined tools. | Draft | SA-15(7) |
| CCI-003276 | Defines the tools the developer of the system, system component, or system services uses to perform an automated vulnerability analysis. | Draft | SA-15(7) |
| CCI-003277 | Require the developer of the system, system component, or system services, on an organization-defined frequency, to determine the exploitation potential for discovered vulnerabilities. | Draft | SA-15(7) |
| CCI-003278 | Require the developer of the system, system component, or system services, on an organization-defined frequency, to determine potential risk mitigations for delivered vulnerabilities. | Draft | SA-15(7) |
| CCI-003279 | Require the developer of the system, system component, or system services, on an organization-defined frequency, to deliver the outputs of the tools and results of the vulnerability analysis to organization-defined personnel or roles. | Draft | SA-15(7) |
| CCI-003280 | Defines the personnel or roles to whom the outputs of the tools and results of the vulnerability analysis are delivered. | Draft | SA-15(7) |
| CCI-003281 | Require the developer of the system, system component, or system service to use threat modeling from similar systems, components, or services to inform the current development process. | Draft | SA-15(8) |
| CCI-003282 | Require the developer of the system, system component, or system service to use vulnerability analysis from similar systems, components, or services to inform the current development process. | Draft | SA-15(8) |
| CCI-003283 | The organization approves the use of live data in development environments for the information system, system component, or information system service. | Draft | SA-15(9) |
| CCI-003284 | The organization approves the use of live data in test environments for the information system, system component, or information system service. | Draft | SA-15(9) |
| CCI-003285 | The organization documents the use of live data in development environments for the information system, system component, or information system service. | Draft | SA-15(9) |
| CCI-003286 | The organization documents the use of live data in test environments for the information system, system component, or information system service. | Draft | SA-15(9) |
| CCI-003287 | The organization controls the use of live data in development environments for the information system, system component, or information system service. | Draft | SA-15(9) |
| CCI-003288 | The organization controls the use of live data in test environments for the information system, system component, or information system service. | Draft | SA-15(9) |
| CCI-003289 | Require the developer of the system, system component, or system service to provide an incident response plan. | Draft | SA-15(10) |
| CCI-003290 | Require the developer of the system or system component to archive the system or component to be released or delivered together with the corresponding evidence supporting the final security review. | Draft | SA-15(11) |
| CCI-003291 | Require the developer of the system, system component, or system service to provide organization-defined training on the correct use and operation of the implemented security functions, controls, and/or mechanisms. | Draft | SA-16 |
| CCI-003292 | Defines the training the developer of the system, system component, or system service is required to provide on the correct use and operation of the implemented security functions, controls, and/or mechanisms. | Draft | SA-16 |
| CCI-003293 | Require the developer of the system, system component, or system service to produce a design specification and security architecture. | Draft | SA-17 |
| CCI-003294 | Require the developer of the system, system component, or system service to produce a design specification and security architecture that is consistent with and supportive of the organization's security architecture which is established within and is an integrated part of the organization's enterprise architecture. | Draft | SA-17 |
| CCI-003295 | Require the developer of the system, system component, or system service to produce a design specification and security architecture that accurately and completely describes the required security functionality. | Draft | SA-17 |
| CCI-003296 | Require the developer of the system, system component, or system service to produce a design specification and security architecture that accurately and completely describes the allocation of security controls among physical and logical components. | Draft | SA-17 |
| CCI-003297 | Require the developer of the system, system component, or system service to produce a design specification and security architecture that expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection. | Draft | SA-17 |
| CCI-003298 | Require the developer of the system, system component, or system to produce, as an integral part of the development process, a formal policy model describing the organization-defined elements of organizational security policy to be enforced. | Draft | SA-17(1) |
| CCI-003299 | Defines the elements of organizational security policy to be described in the formal policy model for enforcement on the system, system component, or system service. | Draft | SA-17(1) |
| CCI-003300 | Require the developer of the system, system component, or system service to prove that the formal policy model is internally consistent and sufficient to enforce the defined elements of the organizational security policy when implemented. | Draft | SA-17(1) |