An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.11.1 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.11.1 - rmfrev5
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
154/172
)
CCIs
Number
Definition
Status
Related
CCI-004622
Integrate risk management decisions from the organization.
Draft
RA-3
CCI-004623
Integrate mission or business process perspectives with system-level risk assessments.
Draft
RA-3
CCI-004624
Assess supply chain risks associated with organization-defined systems, system components, and system services.
Draft
RA-3(1)
CCI-004625
Defines the systems, system-components, and system services for assessing supply chain risks.
Draft
RA-3(1)
CCI-004626
Update the supply chain risk assessment on an organization-defined frequency when there are significant changes to the relevant supply chain, or when changes to the system, environments of operation, or other conditions may necessitate a change in the supply chain.
Draft
RA-3(1)
CCI-004627
Defines the frequency for updating the supply chain assessment.
Draft
RA-3(1)
CCI-004628
Use all-source intelligence to assist in the analysis of risk.
Draft
RA-3(2)
CCI-004629
Determine the current cyber threat environment on an ongoing basis using organization-defined means.
Draft
RA-3(3)
CCI-004630
Defines the means for determining the current threat environment.
Draft
RA-3(3)
CCI-004631
Employ organization-defined advanced automation and analytics capabilities to predict and identify risks to organization-defined systems or system components.
Draft
RA-3(4)
CCI-004632
Defines the advanced automation and analytics capabilities for predicting and identifying risks to organization-defined systems or system components.
Draft
RA-3(4)
CCI-004633
Defines the systems or system components for employing advanced automation and analytics capabilities.
Draft
RA-3(4)
CCI-004634
Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: formatting checklists and test procedures.
Draft
RA-5
CCI-004635
Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: measuring vulnerability impact.
Draft
RA-5
CCI-004636
Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.
Draft
RA-5
CCI-004637
Defines the automated mechanisms for comparing the results of multiple vulnerability scans.
Draft
RA-5(6)
CCI-004638
Defines the system in which will be identified for determining if a vulnerability has been exploited.
Draft
RA-5(8)
CCI-004639
Defines the time period for reviewing historic audit logs to determine if a vulnerability identified has been exploited.
Draft
RA-5(8)
CCI-004640
Establish a public reporting channel for receiving reports of vulnerabilities in organizational systems and system components.
Draft
RA-5(11)
CCI-004641
Respond to findings from security assessments.
Draft
RA-7
CCI-004642
Respond to findings from privacy assessments.
Draft
RA-7
CCI-004643
Respond to findings from monitoring.
Draft
RA-7
CCI-004644
Respond to findings from audits in accordance with organizational risk tolerance.
Draft
RA-7
CCI-004645
Conduct privacy impact assessments for systems, programs, or other activities before developing or procuring information technology that processes personally identifiable information.
Draft
RA-8
CCI-004646
Conduct privacy impact assessments for systems, programs, or other activities before initiating a new collection of personally identifiable information that will be processes using information technology.
Draft
RA-8
CCI-004647
Conduct privacy impact assessments for systems, programs, or other activities before initiating a new collection of personally identifiable information that includes personally identifiable information permitting the physical or virtual (online) contacting of a specific individual, if identical questions have been posed to, or identical reporting requirements imposed on, ten or more persons, other than agencies, instrumentalities, or employees of the Federal Government.
Draft
RA-8
CCI-004648
Identify critical system components and functions by performing a criticality analysis for organization-defined systems, system components, or system services at organization-defined decision points in the system development life cycle.
Draft
RA-9
CCI-004649
Defines the system, system components, or system services to perform a criticality analysis for identifying critical system components and functions.
Draft
RA-9
CCI-004650
Defines the decision points in the system development life cycle at which organization-defined system, system components, or system services to perform a criticality analysis for identifying critical system components and functions.
Draft
RA-9
CCI-004651
Establish and maintain a cyber threat hunting capability to search for indicators of compromise in organizational systems.
Draft
RA-10
Prev
1...
150
151
152
153
154
155
156
157
158
...172
Next