An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
35/172
)
CCIs
Number
Definition
Status
Related
CCI-001021
Defines types of system media protected and controlled during transport outside of controlled areas.
Draft
MP-5
CCI-001022
Defines controls to be used to protect and control organization-defined types of system media during transport outside of controlled areas.
Draft
MP-5
CCI-001023
Maintain accountability for system media during transport outside of controlled areas.
Draft
MP-5
CCI-001024
Restrict the activities associated with the transport of system media to authorized personnel.
Draft
MP-5
CCI-001025
Document activities associated with the transport of system media.
Draft
MP-5
CCI-001026
Employ an identified custodian during transport of system media outside of controlled areas.
Draft
MP-5(3)
CCI-001027
The information system implements cryptographic mechanisms to protect the confidentiality and integrity of information stored on digital media during transport outside of controlled areas.
Draft
MP-5(4)
CCI-001028
Sanitize organization-defined system media prior to disposal, release out of organizational control, or release for reuse using organization-defined sanitization techniques and procedures.
Draft
MP-6
CCI-001029
The organization tracks, documents, and verifies media sanitization and disposal actions.
Draft
CCI-001030
The organization tests sanitization equipment and procedures in accordance with the organization-defined frequency to verify that the intended sanitization is being achieved.
Draft
MP-6(2)
CCI-001031
Defines a frequency for testing sanitization equipment and procedures to ensure that the intended sanitization is being achieved.
Draft
MP-6(2)
CCI-001032
Apply nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the system in accordance with organization-defined circumstances requiring sanitization of portable storage devices.
Draft
MP-6(3)
CCI-001033
Defines circumstances requiring sanitization of portable storage devices prior to connecting such devices to the system.
Draft
MP-6(3)
CCI-001034
The organization sanitizes information system media containing Controlled Unclassified Information (CUI) or other sensitive information in accordance with applicable organizational and/or federal standards and policies.
Draft
CCI-001035
The organization sanitizes information system media containing classified information in accordance with NSA standards and policies.
Draft
CCI-001036
The organization destroys information system media that cannot be sanitized.
Draft
CCI-001037
Develop and document an organization-level; mission/business process-level; system-level risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Draft
RA-1
CCI-001038
Disseminate an organization-level; mission/business process-level; system-level risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance to organization-defined personnel or roles.
Draft
RA-1
CCI-001039
Review and update the current risk assessment policy in accordance with organization-defined frequency.
Draft
RA-1
CCI-001040
Defines the frequency with which to review and update the current risk assessment policy.
Draft
RA-1
CCI-001041
Develop and document procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls.
Draft
RA-1
CCI-001042
Disseminate risk assessment procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls to organization-defined personnel or roles.
Draft
RA-1
CCI-001043
Review and update the current risk assessment procedures in accordance with organization-defined frequency.
Draft
RA-1
CCI-001044
Defines the frequency with which to review and update the current risk assessment procedures.
Draft
RA-1
CCI-001045
The organization categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
Draft
RA-2
CCI-001046
Document the security categorization results including supporting rationale in the security plan for the system.
Draft
RA-2
CCI-001047
Verify the security categorization decision is reviewed and approved by the authorizing official or authorizing official designated representative.
Draft
RA-2
CCI-001048
Conduct a risk assessment, including determining the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information.
Draft
RA-3
CCI-001049
Document risk assessment results in the organization-defined document.
Draft
RA-3
CCI-001050
Review risk assessment results on an organization-defined frequency.
Draft
RA-3
Prev
1...
31
32
33
34
35
36
37
38
39
...172
Next