An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
12/172
)
CCIs
Number
Definition
Status
Related
CCI-000331
Deploy the updated system baseline across the installed base using organization-defined automated mechanism.
Draft
CM-3(3)
CCI-000332
Require an organization-defined security representative to be a member of the organization-defined configuration change control element.
Draft
CM-3(4)
CCI-000333
Analyze changes to the system to determine potential security impacts prior to change implementation.
Draft
CM-4
CCI-000334
The organization analyzes new software in a separate test environment before installation in an operational environment.
Draft
CCI-000335
After system changes, verify that the impacted controls are implemented correctly, meeting the security requirements for the system.
Draft
CM-4(2)
CCI-000336
After system changes, verify that the impacted controls are operating as intended, meeting the security requirements for the system.
Draft
CM-4(2)
CCI-000337
After system changes, verify that the impacted controls are producing the desired outcome with regard to meeting the security requirements for the system.
Draft
CM-4(2)
CCI-000338
The organization defines physical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000339
The organization documents physical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000340
Approve physical access restrictions associated with changes to the system.
Draft
CM-5
CCI-000341
Enforce physical access restrictions associated with changes to the system.
Draft
CM-5
CCI-000342
The organization defines logical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000343
The organization documents logical access restrictions associated with changes to the information system.
Draft
CM-5
CCI-000344
Approve logical access restrictions associated with changes to the system.
Draft
CM-5
CCI-000345
Enforce logical access restrictions associated with changes to the system.
Draft
CM-5
CCI-000346
The organization employs automated mechanisms to enforce access restrictions.
Draft
CCI-000347
The organization employs automated mechanisms to support auditing of the enforcement actions.
Draft
CCI-000348
The organization defines a frequency with which to conduct reviews of information system changes.
Draft
CM-5(2)
CCI-000349
The organization reviews information system changes per organization-defined frequency to determine whether unauthorized changes have occurred.
Draft
CM-5(2)
CCI-000350
The organization reviews information system changes upon organization-defined circumstances to determine whether unauthorized changes have occurred.
Draft
CM-5(2)
CCI-000351
The organization defines critical software programs that the information system will prevent from being installed if such software programs are not signed with a recognized and approved certificate.
Draft
CCI-000352
The information system prevents the installation of organization-defined critical software programs that are not signed with a certificate that is recognized and approved by the organization.
Draft
CCI-000353
Defines system components requiring enforcement of a dual authorization for system changes.
Draft
CM-5(4)
CCI-000354
Enforce dual authorization for implementing changes to organization-defined system components.
Draft
CM-5(4)
CCI-000355
The organization limits information system developer/integrator privileges to change hardware components directly within a production environment.
Draft
CCI-000356
The organization limits information system developer/integrator privileges to change software components directly within a production environment.
Draft
CCI-000357
The organization limits information system developer/integrator privileges to change firmware components directly within a production environment.
Draft
CCI-000358
The organization limits information system developer/integrator privileges to change system information directly within a production environment.
Draft
CCI-000359
The organization defines the frequency to review information system developer/integrator privileges.
Draft
CCI-000360
The organization defines the frequency to reevaluate information system developer/integrator privileges.
Draft
Prev
1...
8
9
10
11
12
13
14
15
16
...172
Next