An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.11.1 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.11.1 - rmfrev5
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
128/172
)
CCIs
Number
Definition
Status
Related
CCI-003842
Defines the automated mechanisms for monitoring open-source information.
Draft
AU-13(1)
CCI-003843
Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.
Draft
AU-13(3)
CCI-003844
Implement the capability for organization-defined users or roles to select a user session to record; view; hear; and/or log the content of a user session under organization-defined circumstances.
Draft
AU-14
CCI-003845
Defines users or roles who will provide and implement the capability to record; view; hear; and/or log the content of a user session under organization-defined circumstances.
Draft
AU-14
CCI-003846
Defines the circumstances to record; view; hear; and/or log the content of a user session.
Draft
AU-14
CCI-003847
Develop, integrate, and use session auditing activities in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
Draft
AU-14
CCI-003848
Implement the capability for authorized users to remotely view and hear content related to an established user session in real time.
Draft
AU-14(3)
CCI-003849
Disseminate an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.
Draft
CA-1
CCI-003850
Defines the personnel or roles to whom the assessment, authorization, and monitoring policy is to be disseminated.
Draft
CA-1
CCI-003851
Designate an organization-defined official to manage the development and documentation of the assessment, authorization, and monitoring policy.
Draft
CA-1
CCI-003852
Designate an organization-defined official to manage the development and documentation of the assessment, authorization, and monitoring procedures.
Draft
CA-1
CCI-003853
Designate an organization-defined official to manage the dissemination of the assessment, authorization, and monitoring policy.
Draft
CA-1
CCI-003854
Designate an organization-defined official to manage the dissemination of the assessment, authorization, and monitoring procedures.
Draft
CA-1
CCI-003855
Review and update the current assessment, authorization, and monitoring policy following organization-defined events.
Draft
CA-1
CCI-003856
Defines the events following reviewing and updating the current assessment, authorization, and monitoring policy.
Draft
CA-1
CCI-003857
Review and update the current assessment and authorization procedures following organization-defined events.
Draft
CA-1
CCI-003858
Defines the events following reviewing and updating the current assessment, authorization, and monitoring procedures.
Draft
CA-1
CCI-003859
Select the appropriate assessor or assessment team for the type of assessment to be conducted.
Draft
CA-2
CCI-003860
Ensure the control assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment.
Draft
CA-2
CCI-003861
Assess the controls in the systems and its environment of operation on an organization-defined frequency, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements.
Draft
CA-2
CCI-003862
Approve and manage the exchange of information between the system and other systems using interconnection security agreements; information exchange security agreements; memoranda of understanding or agreement; service level agreements; user agreement; and/or nondisclosure agreements with an organization-defined type of agreement.
Draft
CA-3
CCI-003863
Document, as part of each exchange agreement, the privacy requirements, controls and responsibilities for each system, and the impact level of the information communicated.
Draft
CA-3
CCI-003864
Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.
Draft
CA-3(6)
CCI-003865
Identify transitive (downstream) information exchanges with other systems through the systems identified in CA-3a.
Draft
CA-3(7)
CCI-003866
Take measures to ensure that transitive (downstream) information exchanges cease when the controls on identified transitive (downstream) systems cannot be verified or validated.
Draft
CA-3(7)
CCI-003867
Defines the automated mechanisms to ensure the accuracy, currency, and availability of the plan of actions and milestones.
Draft
CA-5(1)
CCI-003868
Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems.
Draft
CA-6
CCI-003869
Ensure the authorizing official accepts the use of common controls inherited by the system, before commencing operations.
Draft
CA-6
CCI-003870
Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems.
Draft
CA-6
CCI-003871
Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.
Draft
CA-6(1)
Prev
1...
124
125
126
127
128
129
130
131
132
...172
Next