An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
44/172
)
CCIs
Number
Definition
Status
Related
CCI-001291
The information system verifies the correct operation of security functions in accordance with organization-defined conditions and in accordance with organization-defined frequency (if periodic verification).
Draft
CCI-001292
The organization defines the appropriate conditions, including the system transitional states if applicable, for verifying the correct operation of security functions.
Draft
CCI-001293
The organization defines the information system responses and alternative action(s) to anomalies discovered during security function verification.
Draft
CCI-001294
Alert organization-defined personnel or roles of failed security verification tests.
Draft
SI-6
CCI-001295
Implement automated mechanisms to support the management of distributed security function testing.
Draft
SI-6(2)
CCI-001296
Report the results of security function verification to organization-defined personnel or roles.
Draft
SI-6(3)
CCI-001297
The information system detects unauthorized changes to software and information.
Draft
CCI-001298
The organization reassesses the integrity of software and information by performing, on an organization-defined frequency, integrity scans of the information system.
Draft
CCI-001299
The organization defines the frequency of integrity scans to be performed on the information system.
Draft
CCI-001300
Employ automated tools that provide notification to organization-defined personnel or roles upon discovering discrepancies during integrity verification.
Draft
SI-7(2)
CCI-001301
Employ centrally managed integrity verification tools.
Draft
SI-7(3)
CCI-001302
The organization requires use of tamper-evident packaging for organization-defined information system components during organization-defined conditions.
Draft
CCI-001303
The organization defines information system components that require tamper-evident packaging.
Draft
CCI-001304
The organization defines conditions (i.e., transportation from vendor to operational site, during operation, both) under which tamper-evident packaging must be used for organization-defined information system components.
Draft
CCI-001305
The organization employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means.
Draft
CCI-001306
The organization updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.
Draft
SI-8
CCI-001307
The organization centrally manages spam protection mechanisms.
Draft
SI-8(1)
CCI-001308
Automatically update spam protection mechanisms on an organization-defined frequency.
Draft
SI-8(2)
CCI-001309
The organization restricts the capability to input information to the information system to authorized personnel.
Draft
CCI-001310
Checks the validity of organization-defined information inputs to the system.
Draft
SI-10
CCI-001311
The information system identifies potentially security-relevant error conditions.
Draft
CCI-001312
Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited.
Draft
SI-11
CCI-001313
The organization defines sensitive or potentially harmful information that should not be contained in error logs and administrative messages.
Draft
CCI-001314
Reveal error messages only to organization-defined personnel or roles.
Draft
SI-11
CCI-001315
Manage information within the system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.
Draft
SI-12
CCI-001316
The organization protects the information system from harm by considering mean time to failure rates for an organization-defined list of information system components in specific environments of operation.
Draft
CCI-001317
The organization defines a list of information system components for which mean time to failure rates should be considered to protect the information system from harm.
Draft
CCI-001318
Provide substitute system components.
Draft
SI-13
CCI-001319
Take system components out of service by transferring component responsibilities to a substitute component no later than an organization-defined fraction or percentage of mean time to failure (MTTF).
Draft
SI-13(1)
CCI-001320
Defines the maximum fraction or percentage of mean time to failure (MTTF) used to determine when system components are taken out of service by transferring component responsibilities to substitute components.
Draft
SI-13(1)
Prev
1...
40
41
42
43
44
45
46
47
48
...172
Next