Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (21/172)
CCIs

| Number | Definition | Status | Related |
| --- | --- | --- | --- |
| CCI-000601 | Defines the frequency with which to review and update the current system and services acquisition policy. | Draft | SA-1 |
| CCI-000602 | Develop and document an organization-level; mission/business process-level; and/or system-level system and services acquisition policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | SA-1 |
| CCI-000603 | Disseminate to organization-defined personnel or roles an organization-level; mission/business process-level; and/or system-level system and services acquisition policy. | Draft | SA-1 |
| CCI-000604 | Review and update the current system and services acquisition policy in accordance with organization-defined frequency. | Draft | SA-1 |
| CCI-000605 | Develop and document procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls. | Draft | SA-1 |
| CCI-000606 | Disseminate to organization-defined personnel or roles procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls. | Draft | SA-1 |
| CCI-000607 | Review and update the current system and services acquisition procedures in accordance with organization-defined frequency. | Draft | SA-1 |
| CCI-000608 | The organization includes a determination of information security requirements for the information system in mission process planning. | Draft | |
| CCI-000609 | The organization includes a determination of information security requirements for the information system in business process planning. | Draft | |
| CCI-000610 | Determine the resources required to protect the system or system service as part of the organizational capital planning and investment control process. | Draft | SA-2 |
| CCI-000611 | Document the resources required to protect the system or system service as part of the organizational capital planning and investment control process. | Draft | SA-2 |
| CCI-000612 | Allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process. | Draft | SA-2 |
| CCI-000613 | Establish a discrete line item for information security in organizational programming documentation. | Draft | SA-2 |
| CCI-000614 | Establish a discrete line item for information security in organizational budgeting documentation. | Draft | SA-2 |
| CCI-000615 | Manage the system using an organization-defined system development life cycle that incorporates information security considerations. | Draft | SA-3 |
| CCI-000616 | Define and document information system security roles and responsibilities throughout the system development life cycle. | Draft | SA-3 |
| CCI-000617 | The organization documents information system security roles and responsibilities throughout the system development life cycle. | Draft | |
| CCI-000618 | Identify individuals having information system security roles and responsibilities. | Draft | SA-3 |
| CCI-000619 | The organization includes security functional requirements/specifications, explicitly or by reference, in information system acquisition contracts based on an assessment of risk and in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Draft | |
| CCI-000620 | The organization includes security-related documentation requirements, explicitly or by reference, in information system acquisition contracts based on an assessment of risk and in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Draft | |
| CCI-000621 | The organization includes developmental and evaluation-related assurance requirements, explicitly or by reference, in information system acquisition contracts based on an assessment of risk and in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Draft | |
| CCI-000622 | The organization includes the following requirements and/or specifications, explicitly or by reference, in information system acquisition contracts based on an assessment of risk and in accordance with applicable federal laws, Executive Orders, directives. | Deprecated | |
| CCI-000623 | Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented. | Draft | SA-4(1) |
| CCI-000624 | The organization requires in acquisition documents that vendors/contractors provide information describing the design details of the security controls to be employed within the information system, information system components, or information system services (including functional interfaces among control components) in sufficient detail to permit analysis and testing of the controls. | Draft | |
| CCI-000625 | The organization requires in acquisition documents that vendors/contractors provide information describing the implementation details of the security controls to be employed within the information system, information system components, or information system services (including functional interfaces among control components) in sufficient detail to permit analysis and testing of the controls. | Draft | |
| CCI-000626 | The organization requires software vendors/manufacturers to minimize flawed or malformed software by demonstrating that their software development process employs state-of-the-practice software and security engineering methods. | Draft | |
| CCI-000627 | The organization requires software vendors/manufacturers to minimize flawed or malformed software by demonstrating that their software development process employs quality control processes. | Draft | |
| CCI-000628 | The organization requires software vendors/manufacturers to minimize flawed or malformed software by demonstrating that their software development processes employ validation techniques. | Draft | |
| CCI-000629 | The organization ensures each information system component acquired is explicitly assigned to an information system, and that the owner of the system acknowledges this assignment. | Draft | |
| CCI-000630 | The organization requires in acquisition documents, that information system components are delivered in a secure, documented configuration, and that the secure configuration is the default configuration for any software reinstalls or upgrades. | Draft | |