An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
42/172
)
CCIs
Number
Definition
Status
Related
CCI-001231
The organization centrally manages the flaw remediation process.
Draft
SI-2(1)
CCI-001232
The organization installs software updates automatically.
Draft
CCI-001233
The organization employs automated mechanisms on an organization-defined frequency to determine the state of information system components with regard to flaw remediation.
Draft
SI-2(2)
CCI-001234
The organization defines a frequency for employing automated mechanisms to determine the state of information system components with regard to flaw remediation.
Draft
SI-2(2)
CCI-001235
Measure the time between flaw identification and flaw remediation.
Draft
SI-2(3)
CCI-001236
Defines benchmarks for the time taken to apply corrective actions after flaw identification.
Draft
SI-2(3)
CCI-001237
The organization employs automated patch management tools to facilitate flaw remediation to organization-defined information system components.
Draft
CCI-001238
The organization defines information system components for which automated patch management tools are to be employed to facilitate flaw remediation.
Draft
CCI-001239
The organization employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means or inserted through the exploitation of information system vulnerabilities.
Draft
CCI-001240
The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.
Draft
SI-3
CCI-001241
Configure malicious code protection mechanisms to perform periodic scans of the system on an organization-defined frequency.
Draft
SI-3
CCI-001242
The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
Draft
SI-3
CCI-001243
Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection.
Draft
SI-3
CCI-001244
Defines one or more actions to perform in response to malicious code detection, such as blocking malicious code, quarantining malicious code, or sending alerts to administrators.
Draft
SI-3
CCI-001245
Address the receipt of false positives during malicious code detection and eradication, and the resulting potential impact on the availability of the system.
Draft
SI-3
CCI-001246
The organization centrally manages malicious code protection mechanisms.
Draft
SI-3(1)
CCI-001247
The information system automatically updates malicious code protection mechanisms.
Draft
SI-3(2)
CCI-001248
The information system prevents non-privileged users from circumventing malicious code protection capabilities.
Draft
CCI-001249
Update malicious code protection mechanisms only when directed by a privileged user.
Draft
SI-3(4)
CCI-001250
The organization does not allow users to introduce removable media into the information system.
Draft
CCI-001251
Test malicious code protection mechanisms on an organization-defined frequency by introducing a known benign code into the system.
Draft
SI-3(6)
CCI-001252
The organization monitors events on the information system in accordance with organization-defined monitoring objectives and detects information system attacks.
Draft
CCI-001253
Defines the objectives of monitoring for attacks and indicators of potential attacks on the system.
Draft
SI-4
CCI-001254
The organization identifies unauthorized use of the information system.
Draft
CCI-001255
Invoke internal monitoring capabilities or deploy monitoring devices strategically within the system to collect organization-determined essential information.
Draft
SI-4
CCI-001256
Invoke internal monitoring capabilities or deploy monitoring devices at ad hoc locations within the system to track specific types of transactions of interest to the organization.
Draft
SI-4
CCI-001257
Adjust the level of system monitoring activity when there is a change in increased risk to organizational operations and assets, individuals, other organizations, or the Nation.
Draft
SI-4
CCI-001258
Obtain legal opinion with regard to system monitoring activities.
Draft
SI-4
CCI-001259
The organization interconnects and configures individual intrusion detection tools into a systemwide intrusion detection system using common protocols.
Draft
CCI-001260
Employ automated tools to support near real-time analysis of events.
Draft
SI-4(2)
Prev
1...
38
39
40
41
42
43
44
45
46
...172
Next