Xylok Scanner CCIs

Number	Definition	Status
CCI-004442	Implement acknowledgement of receipt of complaints, concerns, or questions from individuals within an organization-defined time period.	Draft
CCI-004443	Defines the time period for acknowledging the receipt of complaints, concerns, or questions from individuals.	Draft
CCI-004444	Implement response to complaints, concerns, or questions from individuals within an organization-defined time period.	Draft
CCI-004445	Defines the time period for response to complaints, concerns, or questions from individuals.	Draft
CCI-004446	Develop organization-defined privacy reports.	Draft
CCI-004447	Defines the privacy reports that are to be developed.	Draft
CCI-004448	Disseminate privacy reports to organization-defined oversight bodies to demonstrate accountability with statutory, regulatory, and policy privacy program mandates.	Draft
CCI-004449	Develop privacy reports for organization-defined officials and other personnel with responsibility for monitoring privacy program progress and compliance.	Draft
CCI-004450	Disseminate privacy reports for organization-defined officials and other personnel with responsibility for monitoring privacy program compliance.	Draft
CCI-004451	Defines the officials responsible for monitoring privacy program compliance.	Draft
CCI-004452	Review and update privacy reports on an organization-defined frequency.	Draft
CCI-004453	Defines the frequency of which the privacy reports are reviewed and updated.	Draft
CCI-004454	Identify and document assumptions affecting risk assessments, risk response, and risk monitoring.	Draft
CCI-004455	Identify and document constraints affecting risk assessments, risk response, and risk monitoring.	Draft
CCI-004456	Identify and document priorities and trade-offs considered by the organization for managing risk.	Draft
CCI-004457	Identify and document the organizational risk tolerance.	Draft
CCI-004458	Distribute the results of risk framing activities to organization-defined personnel.	Draft
CCI-004459	Defines the personnel to distribute the results of risk framing activities.	Draft
CCI-004460	Review and update risk framing considerations on an organization-defined frequency.	Draft
CCI-004461	Defines the frequency for reviewing and updating risk framing considerations.	Draft
CCI-004462	Appoint a Senior Accountable Official for Risk Management to align organizational information security management processes with strategic, operational, and budgetary planning processes.	Draft
CCI-004463	Appoint a Senior Accountable Official for Risk Management to align organizational information privacy management processes with strategic, operational, and budgetary planning processes.	Draft
CCI-004464	Establish a Risk Executive (function) to view and analyze risk from an organization-wide perspective.	Draft
CCI-004465	Establish a Risk Executive (function) to ensure management of risk is consistent across the organization.	Draft
CCI-004466	Develop an organization-wide strategy for managing supply chain risks associated with the development of systems, system components, and system services.	Draft
CCI-004467	Develop an organization-wide strategy for managing supply chain risks associated with the acquisition of systems, system components, and system services.	Draft
CCI-004468	Develop an organization-wide strategy for managing supply chain risks associated with the maintenance of systems, system components, and system services.	Draft
CCI-004469	Develop an organization-wide strategy for managing supply chain risks associated with the disposal of systems, system components, and system services.	Draft
CCI-004470	Implement the supply chain risk management strategy consistently across the organization.	Draft
CCI-004471	Review and update the supply chain risk management strategy on an organization-defined frequency or as required, to address organizational changes.	Draft