Xylok Scanner CCIs

Number	Definition	Status
CCI-004982	Provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.	Draft
CCI-004983	Defines the automated mechanisms for broadcasting security alert and advisory information.	Draft
CCI-004984	Defines the privacy functions that require verification of correct operation.	Draft
CCI-004985	Verify correct operation of organization-defined privacy functions.	Draft
CCI-004986	Defines the frequency at which it will verify correct operation of organization-defined privacy functions.	Draft
CCI-004987	Defines the system transitional states when the system will verify correct operation of organization-defined privacy functions.	Draft
CCI-004988	Perform verification of the correct operation of organization-defined privacy functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency.	Draft
CCI-004989	Alert organization-defined personnel or roles of failed privacy verification tests.	Draft
CCI-004990	Defines the personnel or roles to be notified when privacy verification tests fail.	Draft
CCI-004991	Defines alternative action(s) to be taken when anomalies in the operation of organization-defined privacy functions are discovered.	Draft
CCI-004992	Shut the system down, restart the system, and/or initiate organization-defined alternative action(s) when anomalies in the operation of the organization-defined privacy functions are discovered.	Draft
CCI-004993	Implement automated mechanisms to support the management of distributed privacy function testing.	Draft
CCI-004994	Report the results of privacy function verification to organization-defined personnel or roles.	Draft
CCI-004995	Defines the personnel or roles that are to receive reports on the results of privacy function verification.	Draft
CCI-004996	Take organization-defined actions when unauthorized changes to the software, firmware, and information are detected.	Draft
CCI-004997	Defines the actions to be taken when unauthorized changes to the software, firmware, and information are detected.	Draft
CCI-004998	Implement organization-defined controls for application self-protection at runtime.	Draft
CCI-004999	Defines the controls to be implemented for runtime application self-protection.	Draft
CCI-005000	Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy.	Draft
CCI-005001	Update spam protection mechanisms when new releases are available in accordance with organizational configuration management procedures.	Draft
CCI-005002	Defines the frequency for updating spam protection mechanisms.	Draft
CCI-005003	Prevent untrusted data injections.	Draft
CCI-005004	Limit personally identifiable information being processed in the information life cycle to the organization-defined elements of personally identifiable information.	Draft
CCI-005005	Defines the elements of personally identifiable information being processed in the information life cycle.	Draft
CCI-005006	Use organization-defined techniques to minimize the use of personally identifiable information for research, testing, or training, in accordance with the privacy risk assessment.	Draft
CCI-005007	Defines the techniques for minimizing the use of personally identifiable information for research, testing, or training.	Draft
CCI-005008	Use organization-defined techniques to dispose of, destroy, or erase information following the retention period.	Draft
CCI-005009	Defines the percentage of the mean time to failure used to manually initiate transfer between active and standby system components.	Draft
CCI-005010	Defines the action to be taken when system failures are detected.	Draft
CCI-005011	Refresh organization-defined information on an organization-defined frequency, or generate organization-defined information on demand.	Draft