An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
19/172
)
CCIs
Number
Definition
Status
Related
CCI-000541
Defines the frequency with which to test backup information to verify media reliability and information integrity.
Draft
CP-9(1)
CCI-000542
Test backup information per an organization-defined frequency to verify media reliability and information integrity.
Draft
CP-9(1)
CCI-000543
Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing.
Draft
CP-9(2)
CCI-000544
The organization stores backup copies of the operating system in a separate facility or in a fire-rated container that is not colocated with the operational system.
Draft
CCI-000545
The organization stores backup copies of critical information system software in a separate facility or in a fire-rated container that is not colocated with the operational system.
Draft
CCI-000546
The organization stores backup copies of the information system inventory (including hardware, software, and firmware components) in a separate facility or in a fire-rated container that is not colocated with the operational system.
Draft
CCI-000547
Defines the time-period and transfer rate of the system backup information to the alternate storage site consistent with the recovery time and recovery point objectives.
Draft
CP-9(5)
CCI-000548
Transfer system backup information to the alternate storage site in accordance with the organization-defined time period and transfer rate consistent with the recovery time and recovery point objectives.
Draft
CP-9(5)
CCI-000549
Maintain a redundant secondary system that is not collocated with the primary system.
Draft
CP-9(6)
CCI-000550
The organization provides for the recovery and reconstitution of the information system to a known state after a disruption.
Draft
CP-10
CCI-000551
The organization provides for the recovery and reconstitution of the information system to a known state after a compromise.
Draft
CP-10
CCI-000552
The organization provides for the recovery and reconstitution of the information system to a known state after a failure.
Draft
CP-10
CCI-000553
Implement transaction recovery for systems that are transaction-based.
Draft
CP-10(2)
CCI-000554
The organization defines in the security plan, explicitly or by reference, the circumstances that can inhibit recovery and reconstitution of the information system to a known state.
Draft
CCI-000555
The organization provides compensating security controls for organization-defined circumstances that can inhibit recovery and reconstitution of the information system to a known state.
Draft
CCI-000556
Defines restoration time periods within which to restore system components from configuration-controlled and integrity-protected information representing a known, operational state for the components.
Draft
CP-10(4)
CCI-000557
Provide the capability to restore information system components within organization-defined restoration time periods from configuration-controlled and integrity-protected information representing a known, operational state for the components.
Draft
CP-10(4)
CCI-000558
Defines the real-time or near-real-time failover capability to be provided for the system.
Draft
SI-13(5)
CCI-000559
Provide real-time or near-real-time organization-defined failover capability for the system.
Draft
SI-13(5)
CCI-000560
The organization protects backup and restoration hardware.
Draft
CP-10(6)
CCI-000561
The organization protects backup and restoration firmware.
Draft
CP-10(6)
CCI-000562
The organization protects backup and restoration software.
Draft
CP-10(6)
CCI-000563
Develop and document an organization-level; mission/business process-level; and or system-level planning policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Draft
PL-1
CCI-000564
Disseminate an organization-level; mission/business process-level; and or system-level planning policy to organization-defined personnel or roles.
Draft
PL-1
CCI-000565
The organization reviews/updates, per organization-defined frequency, a formal, documented security planning policy.
Deprecated
CCI-000566
Develop and document procedures to facilitate the implementation of the planning policy and associated planning controls.
Draft
PL-1
CCI-000567
Disseminates planning procedures to organization-defined personnel or roles.
Draft
PL-1
CCI-000568
Review and update the current planning procedures in accordance with organization-defined frequency.
Draft
PL-1
CCI-000569
The organization develops a security plan for the information system.
Deprecated
CCI-000570
The organization develops a security plan for the information system that is consistent with the organization's enterprise architecture; explicitly defines the authorization boundary for the system; describes the operational context of the information system in terms of mission and business processes; provides the security category and impact level of the information system, including supporting rationale; describes the operational environment for the information system; describes relationships with, or connections to, other information systems; provides an overview of the security requirements for the system; and describes the security controls in place or planned for meeting those requirements, including a rationale for the tailoring and supplemental decisions.
Draft
Prev
1...
15
16
17
18
19
20
21
22
23
...172
Next