An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
11/172
)
CCIs
Number
Definition
Status
Related
CCI-000301
Maintain current configuration of the system using organization-defined automated mechanisms.
Draft
CM-2(2)
CCI-000302
Maintain accurate configuration of the system using organization-defined automated mechanisms.
Draft
CM-2(2)
CCI-000303
Maintain available configuration of the system using organization-defined automated mechanisms.
Draft
CM-2(2)
CCI-000304
Retain organization-defined number of previous versions of baseline configurations of the system to support rollback.
Draft
CM-2(3)
CCI-000305
The organization develops a list of software programs not authorized to execute on the information system.
Draft
CCI-000306
The organization maintains the list of software programs not authorized to execute on the information system.
Draft
CCI-000307
The organization employs an allow-all, deny-by-exception authorization policy to identify software allowed to execute on the information system.
Draft
CCI-000308
The organization develops the list of software programs authorized to execute on the information system.
Draft
CCI-000309
The organization maintains the list of software programs authorized to execute on the information system.
Draft
CCI-000310
The organization employs a deny-all, permit-by-exception authorization policy to identify software allowed to execute on the information system.
Draft
CCI-000311
Maintain a baseline configuration for system development environments that is managed separately from the operational baseline configuration.
Draft
CM-2(6)
CCI-000312
Maintain a baseline configuration for system test environments that is managed separately from the operational baseline configuration.
Draft
CM-2(6)
CCI-000313
Determine and document the types of changes to the system that are configuration-controlled.
Draft
CM-3
CCI-000314
Approve or disapprove configuration-controlled changes to the system, with explicit consideration for security impact analyses.
Draft
CM-3
CCI-000315
The organization documents approved configuration-controlled changes to the system.
Draft
CCI-000316
Retain records of configuration-controlled changes to the system for an organization-defined time period.
Draft
CM-3
CCI-000317
The organization reviews records of configuration-controlled changes to the system.
Draft
CCI-000318
Monitor and review activities associated with configuration-controlled changes to the system.
Draft
CM-3
CCI-000319
Coordinate and provides oversight for configuration change control activities through an organization-defined configuration change control element that convenes at the organization-defined frequency, and/or for any organization-defined configuration change conditions.
Draft
CM-3
CCI-000320
Defines the frequency with which to convene the configuration change control element.
Draft
CM-3
CCI-000321
Defines configuration change conditions that prompt the configuration change control element to convene.
Draft
CM-3
CCI-000322
Use organization-defined automated mechanisms to document proposed changes to the system.
Draft
CM-3(1)
CCI-000323
Use organization-defined automated mechanisms to notify organization-defined approval authorities of proposed changes to the system and request change approval.
Draft
CM-3(1)
CCI-000324
Use organization-defined automated mechanisms to highlight proposed changes to the system that have not been approved or disapproved by an organization-defined time period.
Draft
CM-3(1)
CCI-000325
Use organization-defined automated mechanisms to prohibit changes to the system until designated approvals are received.
Draft
CM-3(1)
CCI-000326
Use organization-defined automated mechanisms to document all changes to the system.
Draft
CM-3(1)
CCI-000327
Tests changes to the system before finalizing the implementation of the changes.
Draft
CM-3(2)
CCI-000328
Validate changes to the system before finalizing the implementation of the changes.
Draft
CM-3(2)
CCI-000329
Document changes to the system before finalizing the implementation of the changes.
Draft
CM-3(2)
CCI-000330
Implement changes to the current system baseline using organization-defined automated mechanisms.
Draft
CM-3(3)
Prev
1...
7
8
9
10
11
12
13
14
15
...172
Next