Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (4/172)
CCIs

| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-000091 | The organization prohibits the use of personally-owned, removable media in organizational information systems. | Draft | |
| CCI-000092 | The organization prohibits the use of removable media in organizational information systems when the media has no identifiable owner. | Draft | |
| CCI-000093 | Establish organization-defined terms and conditions, and/or identify organization-defined controls asserted to be implemented on external systems, consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to access the system from the external systems. | Draft | AC-20 |
| CCI-000094 | The organization establishes terms and conditions, consistent with any trust relationships established with other organizations owning, operating, and/or maintaining external information systems, allowing authorized individuals to process organization-controlled information using the external information systems. | Draft | |
| CCI-000095 | The organization prohibits authorized individuals from using an external information system to access the information system except in situations where the organization can verify the implementation of required security controls on the external system as specified in the organization's information security policy and security plan. | Draft | |
| CCI-000096 | The organization prohibits authorized individuals from using an external information system to access the information system or to process, store, or transmit organization-controlled information except in situations where the organization has approved information system connection or processing agreements with the organizational entity hosting the external information system. | Draft | |
| CCI-000097 | Restrict the use of organization-controlled portable storage devices by authorized individuals on external systems using organization-defined restrictions. | Draft | AC-20(2) |
| CCI-000098 | Enable authorized users to determine whether access authorizations assigned to the sharing partner match the information's access and use restrictions for organization-defined information sharing circumstances where user discretion is required. | Draft | AC-21 |
| CCI-000099 | Employ organization-defined automated mechanisms to enforce information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared. | Draft | AC-21(1) |
| CCI-000100 | Develop and document an organization level, mission/business process-level, or system-level awareness and training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | AT-1 |
| CCI-000101 | Disseminate an organization level, mission/business process-level, or system-level awareness and training policy to organization-defined personnel or roles. | Draft | AT-1 |
| CCI-000102 | Review and update the current security awareness and training policy in accordance with organization-defined frequency. | Draft | AT-1 |
| CCI-000103 | Develop and document procedures to facilitate the implementation of the awareness and training policy and associated awareness and training controls. | Draft | AT-1 |
| CCI-000104 | Disseminate organization-level; mission/business process-level; or system-level awareness and training procedures to organization-defined personnel or roles. | Draft | AT-1 |
| CCI-000105 | Review and update the current security awareness and training procedures in accordance with an organization-defined frequency. | Draft | AT-1 |
| CCI-000106 | Provide basic security literacy training to system users (including managers, senior executives, and contractors) as part of initial training for new users. | Draft | AT-2 |
| CCI-000107 | Provide practical exercises in literacy training that simulate events and incidents. | Draft | AT-2(1) |
| CCI-000108 | Provide role-based security training to personnel with organization-defined roles and responsibilities before authorizing access to the system, information, or performing assigned duties. | Draft | AT-3 |
| CCI-000109 | Provide role-based security training to personnel with organization-defined roles and responsibilities when required by system changes. | Draft | AT-3 |
| CCI-000110 | The organization provides refresher role-based security training to personnel with assigned security roles and responsibilities in accordance with organization-defined frequency. | Draft | AT-3 |
| CCI-000111 | The organization defines a frequency for providing refresher role-based security training. | Draft | AT-3 |
| CCI-000112 | Provide basic security awareness training to system users (including managers, senior executives, and contractors) when required by system changes or following organization-defined events. | Draft | AT-2 |
| CCI-000113 | Document individual security training activities, including security awareness training and specific system security training. | Draft | AT-4 |
| CCI-000114 | Monitor individual information security training activities, including security awareness training and specific security training. | Draft | AT-4 |
| CCI-000115 | The organization establishes contact with selected groups and associations within the security community to facilitate ongoing security education and training; to stay up to date with the latest recommended security practices, techniques, and technologies; and to share current security-related information including threats, vulnerabilities, and incidents. | Draft | |
| CCI-000116 | The organization institutionalizes contact with selected groups and associations within the security community to facilitate ongoing security education and training; to stay up to date with the latest recommended security practices, techniques, and technologies; and to share current security-related information including threats, vulnerabilities, and incidents. | Draft | |
| CCI-000117 | Develop and document an organization-level; mission/business process-level; and/or system-level audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. | Draft | AU-1 |
| CCI-000118 | The organization disseminates a formal, documented, audit and accountability policy to elements within the organization having associated audit and accountability roles and responsibilities. | Draft | |
| CCI-000119 | Review and update the current audit and accountability policy on an organization-defined frequency. | Draft | AU-1 |
| CCI-000120 | Develop and document procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls. | Draft | AU-1 |