Xylok Scanner CCIs

Number	Definition	Status
CCI-004652	Establish and maintain a cyber threat hunting capability to detect, track, and disrupt threats that evade existing controls.	Draft
CCI-004653	Employ the threat hunting capability on an organization-defined frequency.	Draft
CCI-004654	Defines the frequency for employing the threat hunting capability.	Draft
CCI-004655	Develop and document an organization-level; mission/business process-level; and/or system-level system and services acquisition policy that is consistent with applicable laws, Executive Orders, directives, regulations, polices, standards, and guidelines.	Draft
CCI-004656	Designate an organization-defined official to manage development and documentation of the system and services acquisition policy.	Draft
CCI-004657	Designate an organization-defined official to manage dissemination of the system and services acquisition policy.	Draft
CCI-004658	Defines the official designated to manage development and documentation of the system and services acquisition policy.	Draft
CCI-004659	Designate an organization-defined official to manage the development and documentation of the system and services acquisition procedures.	Draft
CCI-004660	Designate an organization-defined official to manage the dissemination of the system and services acquisition procedures.	Draft
CCI-004661	Defines the official designated to manage the system and services acquisition procedures.	Draft
CCI-004662	Review and update the current system and services acquisition policy following organization-defined events.	Draft
CCI-004663	Defines the events following reviewing and updating the current system and services acquisition policy.	Draft
CCI-004664	Review and update the current system and services acquisition procedures following organization-defined events.	Draft
CCI-004665	Defines the events following reviewing and updating the current system and services acquisition procedures.	Draft
CCI-004666	Determine the high-level information privacy requirements for the system or system service in mission and business process planning.	Draft
CCI-004667	Establish a discrete line item for information privacy in organizational programming documentation.	Draft
CCI-004668	Establish a discrete line item for information privacy in organizational budgeting documentation.	Draft
CCI-004669	Acquire the system using an organization-defined system development life cycle that incorporates information security considerations.	Draft
CCI-004670	Acquire the system using an organization-defined system development life cycle that incorporates information privacy considerations.	Draft
CCI-004671	Develop the system using an organization-defined system development life cycle that incorporates information security considerations.	Draft
CCI-004672	Develop the system using an organization-defined system development life cycle that incorporates information privacy considerations.	Draft
CCI-004673	Manage the system using an organization-defined system development life cycle that incorporates information privacy considerations.	Draft
CCI-004674	Defines a system development life cycle that is used to develop the system.	Draft
CCI-004675	Defines a system development life cycle that is used to acquire the system.	Draft
CCI-004676	Define and document information system privacy roles and responsibilities throughout the system development life cycle.	Draft
CCI-004677	Identify individuals having information system privacy roles and responsibilities.	Draft
CCI-004678	Integrate the organizational information privacy risk management process into system development life cycle activities.	Draft
CCI-004679	Protect system preproduction environments commensurate with risk throughout the system development life cycle for the system, system component, or system service.	Draft
CCI-004680	Approve the use of live data in preproduction environments for the system, system component, or system service.	Draft
CCI-004681	Document the use of live data in preproduction environments for the system, system component, or system service.	Draft