An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
29/172
)
CCIs
Number
Definition
Status
Related
CCI-000841
Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability.
Draft
IR-7(2)
CCI-000842
Identify organizational incident response team members to the external providers.
Draft
IR-7(2)
CCI-000843
The organization develops an incident response plan that provides the organization with a roadmap for implementing its incident response capability; describes the structure and organization of the incident response capability; provides a high-level approach for how the incident response capability fits into the overall organization; meets the unique requirements of the organization, which relate to mission, size, structure, and functions; defines reportable incidents; provides metrics for measuring the incident response capability within the organization; and defines the resources and management support needed to effectively maintain and mature an incident response capability.
Draft
CCI-000844
Develop an incident response plan that is reviewed and approved by organization-defined personnel or roles on an organization-defined frequency.
Draft
IR-8
CCI-000845
Defines incident response personnel (identified by name and/or by role) and organizational elements to whom copies of the incident response plan are distributed.
Draft
IR-8
CCI-000846
Distributes copies of the incident response plan to organization-defined incident response personnel (identified by name and/or by role) and organizational elements.
Draft
IR-8
CCI-000847
The organization defines the frequency for reviewing the incident response plan.
Draft
IR-8
CCI-000848
The organization reviews the incident response plan on an organization-defined frequency.
Draft
IR-8
CCI-000849
Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing.
Draft
IR-8
CCI-000850
Communicate incident response plan changes to organization-defined incident response personnel (identified by name and/or by role) and organizational elements.
Draft
IR-8
CCI-000851
Defines the frequency with which to review and update the current system maintenance policy.
Draft
MA-1
CCI-000852
Develop and document an organization-level; mission/business process-level; and/or system-level maintenance policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Draft
MA-1
CCI-000853
Disseminate an organization-level; mission/business process-level; and/or system-level maintenance policy to organization-defined personnel or roles.
Draft
MA-1
CCI-000854
Review and update the current maintenance policy in accordance with organization-defined frequency.
Draft
MA-1
CCI-000855
Develop and document procedures to facilitate the implementation of the system maintenance policy and associated system maintenance controls.
Draft
MA-1
CCI-000856
Disseminate procedures to facilitate the implementation of the system maintenance policy and associated system maintenance controls to organization-defined personnel or roles.
Draft
MA-1
CCI-000857
Review and update the current maintenance procedures in accordance with organization-defined frequency.
Draft
MA-1
CCI-000858
The organization schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements.
Draft
CCI-000859
The organization approves and monitors all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location.
Draft
MA-2
CCI-000860
Require that organization-defines personnel or roles explicitly approve the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement.
Draft
MA-2
CCI-000861
Sanitize equipment to remove organization-defined information from associated media prior to removal from organizational facilities for off-site maintenance, repairs or replacement.
Draft
MA-2
CCI-000862
Check all potentially impacted controls to verify that the controls are still functioning properly following maintenance, repair or replacement actions.
Draft
MA-2
CCI-000863
The organization maintains maintenance records for the information system that include the date and time of maintenance, the name of the individual performing the maintenance, the name of escort, if necessary, a description of the maintenance performed, and a list of equipment removed or replaced (including identification numbers, if applicable).
Draft
CCI-000864
The organization employs automated mechanisms to schedule, conduct, and document maintenance and repairs as required.
Draft
CCI-000865
Approve the use of system maintenance tools.
Draft
MA-3
CCI-000866
Control the use of system maintenance tools.
Draft
MA-3
CCI-000867
Monitor the use of system maintenance tools.
Draft
MA-3
CCI-000868
The organization maintains, on an ongoing basis, information system maintenance tools.
Draft
CCI-000869
Inspect the maintenance tools used by maintenance personnel for improper or unauthorized modifications.
Draft
MA-3(1)
CCI-000870
Check media containing diagnostic and test programs for malicious code before the media are used in the system.
Draft
MA-3(2)
Prev
1...
25
26
27
28
29
30
31
32
33
...172
Next