Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (36/172)
CCIs

| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-001051 | Defines a frequency for reviewing risk assessment results. | Draft | RA-3 |
| CCI-001052 | Update the risk assessment on an organization-defined frequency or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system. | Draft | RA-3 |
| CCI-001053 | Defines a frequency for updating the risk assessment. | Draft | RA-3 |
| CCI-001054 | Monitor and scan for vulnerabilities in the system and hosted applications on an organization-defined frequency and/or randomly in accordance with organization-defined process. | Draft | RA-5 |
| CCI-001055 | Defines a frequency for scanning for vulnerabilities in the system and hosted applications, and/or randomly in accordance with organization-defined process. | Draft | RA-5 |
| CCI-001056 | Monitor and scan for vulnerabilities in the system and hosted applications when new vulnerabilities potentially affecting the system/applications are identified and reported. | Draft | RA-5 |
| CCI-001057 | Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for: enumerating platforms, software flaws, and improper configurations. | Draft | RA-5 |
| CCI-001058 | Analyze vulnerability scan reports and results from vulnerability monitoring. | Draft | RA-5 |
| CCI-001059 | Remediate legitimate vulnerabilities in organization-defined response times in accordance with an organizational assessment risk. | Draft | RA-5 |
| CCI-001060 | Defines response times for remediating legitimate vulnerabilities in accordance with an organization assessment of risk. | Draft | RA-5 |
| CCI-001061 | Share information obtained from the vulnerability monitoring process and control assessments with organization-defined personnel or roles to help eliminate similar vulnerabilities in other systems. | Draft | RA-5 |
| CCI-001062 | The organization employs vulnerability scanning tools that include the capability to readily update the information system vulnerabilities to be scanned. | Draft | RA-5(1) |
| CCI-001063 | Update the system vulnerabilities scanned on an organization-defined frequency, prior to a new scan, and/or when new vulnerabilities are identified and reported. | Draft | RA-5(2) |
| CCI-001064 | Defines a frequency for updating the system vulnerabilities scanned. | Draft | RA-5(2) |
| CCI-001065 | The organization employs vulnerability scanning procedures that can demonstrate the breadth of coverage (i.e., information system components scanned). | Draft | |
| CCI-001066 | Determine information about the system that is discoverable. | Draft | RA-5(4) |
| CCI-001067 | Implement privileged access authorization to organization-identified system components for organization-defined vulnerability scanning activities. | Draft | RA-5(5) |
| CCI-001068 | Compare the results of multiple vulnerability scans using organization-defined automated mechanisms. | Draft | RA-5(6) |
| CCI-001069 | The organization employs automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials in accordance with the organization-defined frequency. | Draft | |
| CCI-001070 | The organization defines a frequency for employing automated mechanisms to detect the presence of unauthorized software on organizational information systems and notify designated organizational officials. | Draft | |
| CCI-001071 | Review historic audit logs to determine if a vulnerability identified in the organization-defined system has been previously exploited within an organization-defined time period. | Draft | RA-5(8) |
| CCI-001072 | The organization employs an independent penetration agent or penetration team to conduct a vulnerability analysis on the information system. | Draft | |
| CCI-001073 | The organization employs an independent penetration agent or penetration team to perform penetration testing on the information system based on the vulnerability analysis to determine the exploitability of identified vulnerabilities. | Draft | |
| CCI-001074 | The organization develops a system and communications protection policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | SC-1 |
| CCI-001075 | Disseminates to organization-defined personnel or roles the organization-level; mission/business process-level; and/or system-level system and communications protection policy. | Draft | SC-1 |
| CCI-001076 | Review and update the current system and communications protection policy in accordance with organization-defined frequency. | Draft | SC-1 |
| CCI-001077 | Defines the frequency for reviewing and updating the current system and communications protection policy. | Draft | SC-1 |
| CCI-001078 | The organization develops system and communications protection procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls. | Draft | SC-1 |
| CCI-001079 | Disseminates to organization-defined personnel or roles the procedures to facilitate the implementation of the system and communications protection policy and associated system and communications protection controls. | Draft | SC-1 |
| CCI-001080 | Review and update the current system and communications protection procedures in accordance with organization-defined frequency. | Draft | SC-1 |