An error occurred:

CCIs

Number Definition Status Related
CCI-003872 Employ a joint authorization process for the system that includes multiple authorizing officials with at least one authorizing official from an organization external to the organization conducting the authorization. Draft
CCI-003873 Implement continuous monitoring in accordance with the organization-level continuous monitoring strategy. Draft
CCI-003874 Defines the system-level metrics to be monitored. Draft
CCI-003875 Establish organization-defined frequencies for assessment of control effectiveness. Draft
CCI-003876 Defines the frequencies for monitoring of control effectiveness. Draft
CCI-003877 Defines the frequencies for assessment of control effectiveness. Draft
CCI-003878 Develop ongoing control assessments in accordance with the continuous monitoring strategy. Draft
CCI-003879 Implement a continuous monitoring program that includes reporting the privacy status to organization-defined personnel or roles on an organization-defined frequency. Draft
CCI-003880 Defines the frequency with which to report the privacy status to organization-defined personnel or roles. Draft
CCI-003881 Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes effectiveness monitoring. Draft
CCI-003882 Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes compliance monitoring. Draft
CCI-003883 Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes change monitoring. Draft
CCI-003884 Employ organization-defined actions to validate that policies are established. Draft
CCI-003885 Employ organization-defined actions to validate that implemented controls are operating in a consistent manner. Draft
CCI-003886 Defines the actions used to validate policies. Draft
CCI-003887 Ensure the accuracy, currency, and availability of monitoring results for the system using organization-defined automated mechanisms. Draft
CCI-003888 Defines the automated mechanisms for ensuring accuracy, currency, and availability of monitoring results. Draft
CCI-003889 Employ a penetration testing process, on an organization-defined frequency, that includes announced or unannounced attempts to bypass or circumvent controls associated with physical access points to the facility. Draft
CCI-003890 Defines the frequency the penetration testing process will be employed. Draft
CCI-003891 Document, for each internal connection, the privacy requirements. Draft
CCI-003892 Terminate internal system connections after organization-defined conditions. Draft
CCI-003893 Defines the conditions for terminating internal system connections. Draft
CCI-003894 Review on an organization-defined frequency the continued need for each internal connection. Draft
CCI-003895 Defines the frequency for reviewing each internal connection. Draft
CCI-003896 Perform privacy compliance checks on constituent components prior to the establishment of the internal connection. Draft
CCI-003897 Develop and document an organization-level; mission/business process-level; and/or system-level configuration management policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines. Draft
CCI-003898 Defines the official to manage the development, documentation, and dissemination of the configuration management policy. Draft
CCI-003899 Designate an organization-defined official to manage the development and documentation of the configuration management policy. Draft
CCI-003900 Designate an organization-defined official to manage the dissemination of the configuration management policy. Draft
CCI-003901 Defines the official to manage the development, documentation, and dissemination of the configuration management procedures. Draft