Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (3/172)
CCIs

| Number | Definition | Status | Related |
| --- | --- | --- | --- |
| CCI-000061 | Identify organization-defined user actions that can be performed on the system without identification or authentication consistent with organizational missions/business functions. | Draft | AC-14 |
| CCI-000062 | The organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission/business objectives. | Draft | |
| CCI-000063 | The organization defines allowed methods of remote access to the information system. | Draft | AC-17 |
| CCI-000064 | The organization establishes usage restrictions and implementation guidance for each allowed remote access method. | Draft | |
| CCI-000065 | Authorize remote access to the system prior to allowing such connections. | Draft | AC-17 |
| CCI-000066 | The organization enforces requirements for remote connections to the information system. | Draft | |
| CCI-000067 | Employ automated mechanisms to monitor remote access methods. | Draft | AC-17(1) |
| CCI-000068 | Implement cryptographic mechanisms to protect the confidentiality of remote access sessions. | Draft | AC-17(2) |
| CCI-000069 | Route all remote accesses through authorized and managed network access control points. | Draft | AC-17(3) |
| CCI-000070 | Authorize the execution of privileged commands via remote access only in a format that provides assessable evidence for organization-defined needs. | Draft | AC-17(4) |
| CCI-000071 | The organization monitors for unauthorized remote connections to the information system on an organization-defined frequency. | Draft | |
| CCI-000072 | Protect information about remote access mechanisms from unauthorized use and disclosure. | Draft | AC-17(6) |
| CCI-000073 | Develop an organization-wide information security program plan that provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements. | Draft | PM-1 |
| CCI-000074 | Develop an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation. | Draft | PM-1 |
| CCI-000075 | Review and update the organization-wide information security program plan on an organization-defined frequency. | Draft | PM-1 |
| CCI-000076 | Defines the frequency with which to review and update the organization-wide information security program plan. | Draft | PM-1 |
| CCI-000077 | The organization updates the plan to address organizational changes and problems identified during plan implementation or security control assessments. | Draft | PM-1 |
| CCI-000078 | Appoint a Senior Information Security Officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program. | Draft | PM-2 |
| CCI-000079 | The organization ensures that remote sessions for accessing an organization-defined list of security functions and security-relevant information employ organization-defined additional security measures. | Draft | |
| CCI-000080 | Include the resources needed to implement the information security programs in capital planning and investment requests and document all exceptions to this requirement. | Draft | PM-3 |
| CCI-000081 | The organization employs a business case/Exhibit 300/Exhibit 53 to record the resources required. | Draft | PM-3 |
| CCI-000082 | The organization establishes usage restrictions for organization-controlled mobile devices. | Draft | AC-19 |
| CCI-000083 | Establish implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas. | Draft | AC-19 |
| CCI-000084 | Authorize connection of mobile devices to organizational systems. | Draft | AC-19 |
| CCI-000085 | The organization monitors for unauthorized connections of mobile devices to organizational information systems. | Draft | |
| CCI-000086 | The organization enforces requirements for the connection of mobile devices to organizational information systems. | Draft | |
| CCI-000087 | The organization disables information system functionality that provides the capability for automatic execution of code on mobile devices without user direction. | Draft | |
| CCI-000088 | The organization issues specially configured mobile devices to individuals traveling to locations that the organization deems to be of significant risk in accordance with organizational policies and procedures. | Draft | |
| CCI-000089 | The organization applies organization-defined inspection and preventative measures to mobile devices returning from locations that the organization deems to be of significant risk in accordance with organizational policies and procedures. | Draft | |
| CCI-000090 | The organization restricts the use of writable, removable media in organizational information systems. | Draft | |