An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
2/172
)
CCIs
Number
Definition
Status
Related
CCI-000031
Enforce one-way information flows using hardware-based flow control mechanisms.
Draft
AC-4(7)
CCI-000032
Enforce information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.
Draft
AC-4(8)
CCI-000033
The information system enforces the use of human review for organization-defined security policy filters when the system is not capable of making an information flow control decision.
Draft
CCI-000034
Provide the capability for privileged administrators to enable and disable organization-defined security or privacy filters under organization-defined conditions.
Draft
AC-4(10)
CCI-000035
Provide the capability for privileged administrators to configure the organization-defined security or privacy policy filters to support different security or privacy policies.
Draft
AC-4(11)
CCI-000036
The organization separates organization-defined duties of individuals.
Draft
AC-5
CCI-000037
The organization implements separation of duties through assigned information system access authorizations.
Draft
CCI-000038
The organization explicitly authorizes access to organization-defined security functions and security-relevant information.
Draft
CCI-000039
Require that users of system accounts, or roles, with access to organization-defined security functions or security-relevant information, use non-privileged accounts or roles, when accessing nonsecurity functions.
Draft
AC-6(2)
CCI-000040
The organization audits any use of privileged accounts, or roles, with access to organization-defined security functions or security-relevant information, when accessing other system functions.
Draft
CCI-000041
Authorize network access to organization-defined privileged commands only for organization-defined compelling operational needs.
Draft
AC-6(3)
CCI-000042
Document the rationale for authorized network access to organization-defined privileged commands in the security plan for the system.
Draft
AC-6(3)
CCI-000043
Defines the maximum number of consecutive invalid logon attempts to the information system by a user during an organization-defined time period.
Draft
AC-7
CCI-000044
Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period.
Draft
AC-7
CCI-000045
The organization defines in the security plan, explicitly or by reference, the time period for lock out mode or delay period.
Draft
CCI-000046
The organization selects either a lock out mode for the organization-defined time period or delays the next login prompt for the organization-defined delay period for information system responses to consecutive invalid access attempts.
Draft
CCI-000047
The information system delays next login prompt according to the organization-defined delay algorithm, when the maximum number of unsuccessful attempts is exceeded, automatically locks the account/node for an organization-defined time period or locks the account/node until released by an Administrator IAW organizational policy.
Draft
CCI-000048
Display an organization-defined system use notification message or banner to users before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidelines.
Draft
AC-8
CCI-000049
The organization defines a system use notification message or banner displayed before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance and states that: (i) users are accessing a U.S. Government information system; (ii) system usage may be monitored, recorded, and subject to audit; (iii) unauthorized use of the system is prohibited and subject to criminal and civil penalties; and (iv) use of the system indicates consent to monitoring and recording.
Draft
CCI-000050
Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the system.
Draft
AC-8
CCI-000051
The organization approves the information system use notification message before its use.
Draft
CCI-000052
Notify the user, upon successful logon (access) to the system, of the date and time of the last logon (access).
Draft
AC-9
CCI-000053
Notify the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access.
Draft
AC-9(1)
CCI-000054
Limit the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number.
Draft
AC-10
CCI-000055
Defines the maximum number of concurrent sessions to be allowed for each organization-defined account and/or account type.
Draft
AC-10
CCI-000056
Retain the device lock until the user reestablishes access using established identification and authentication procedures.
Draft
AC-11
CCI-000057
Prevent further access to the system by initiating a device lock after organization-defined time period of inactivity; and/or requiring the user to initiate a device lock before leaving the system unattended.
Draft
AC-11
CCI-000058
The information system provides the capability for users to directly initiate session lock mechanisms.
Draft
AC-11
CCI-000059
Defines the time-period of inactivity after which the system initiates a device lock.
Draft
AC-11
CCI-000060
Conceal, via the device lock, information previously visible on the display with a publicly viewable image.
Draft
AC-11(1)
Prev
1
2
3
4
5
6
...172
Next