An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
128/172
)
CCIs
Number
Definition
Status
Related
CCI-003842
Defines the automated mechanisms for monitoring open-source information.
Draft
CCI-003843
Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.
Draft
CCI-003844
Implement the capability for organization-defined users or roles to select a user session to record; view; hear; and/or log the content of a user session under organization-defined circumstances.
Draft
CCI-003845
Defines users or roles who will provide and implement the capability to record; view; hear; and/or log the content of a user session under organization-defined circumstances.
Draft
CCI-003846
Defines the circumstances to record; view; hear; and/or log the content of a user session.
Draft
CCI-003847
Develop, integrate, and use session auditing activities in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
Draft
CCI-003848
Implement the capability for authorized users to remotely view and hear content related to an established user session in real time.
Draft
CCI-003849
Disseminate an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.
Draft
CCI-003850
Defines the personnel or roles to whom the assessment, authorization, and monitoring policy is to be disseminated.
Draft
CCI-003851
Designate an organization-defined official to manage the development and documentation of the assessment, authorization, and monitoring policy.
Draft
CCI-003852
Designate an organization-defined official to manage the development and documentation of the assessment, authorization, and monitoring procedures.
Draft
CCI-003853
Designate an organization-defined official to manage the dissemination of the assessment, authorization, and monitoring policy.
Draft
CCI-003854
Designate an organization-defined official to manage the dissemination of the assessment, authorization, and monitoring procedures.
Draft
CCI-003855
Review and update the current assessment, authorization, and monitoring policy following organization-defined events.
Draft
CCI-003856
Defines the events following reviewing and updating the current assessment, authorization, and monitoring policy.
Draft
CCI-003857
Review and update the current assessment and authorization procedures following organization-defined events.
Draft
CCI-003858
Defines the events following reviewing and updating the current assessment, authorization, and monitoring procedures.
Draft
CCI-003859
Select the appropriate assessor or assessment team for the type of assessment to be conducted.
Draft
CCI-003860
Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment.
Draft
CCI-003861
Assess the controls in the systems and its environment of operation on an organization-defined frequency, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements.
Draft
CCI-003862
Approve and manage the exchange of information between the system and other systems using interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreement; and/or nondisclosure agreements with an organization-defined type of agreement.
Draft
CCI-003863
Document, as part of each exchange agreement, the privacy requirements, controls and responsibilities for each system, and the impact level of the information communicated.
Draft
CCI-003864
Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.
Draft
CCI-003865
Identify transitive (downstream) information exchanges with other systems through the systems identified in CA-3a.
Draft
CCI-003866
Take measures to ensure that transitive (downstream) information exchanges cease when the controls on identified transitive (downstream) systems cannot be verified or validated.
Draft
CCI-003867
Defines the automated mechanisms to ensure the accuracy, currency, and availability of the plan of actions and milestones.
Draft
CCI-003868
Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems.
Draft
CCI-003869
Ensure the authorizing official accepts the use of common controls inherited by the system, before commencing operations.
Draft
CCI-003870
Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems.
Draft
CCI-003871
Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.
Draft
Prev
1...
124
125
126
127
128
129
130
131
132
...172
Next