An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
46/172
)
CCIs
Number
Definition
Status
Related
CCI-001351
Authorize access to management of audit logging functionality to only an organization-defined subset of privileged users or roles.
Draft
AU-9(4)
CCI-001352
The organization protects the audit records of non-local accesses to privileged accounts and the execution of privileged functions.
Draft
CCI-001353
Produce a system-wide (logical or physical) audit trail composed of audit records in a standardized format.
Draft
AU-12(2)
CCI-001354
The organization manages information system accounts by deactivating temporary accounts that are no longer required.
Draft
CCI-001355
The organization manages information system accounts by deactivating accounts of terminated or transferred users.
Draft
CCI-001356
The organization monitors for atypical usage of information system accounts.
Draft
CCI-001357
The organization reports atypical usage to designated organizational officials.
Draft
CCI-001358
Establish privileged user accounts in accordance with a role-based access scheme; or an attribute-based access scheme.
Draft
AC-2(7)
CCI-001359
The organization tracks privileged role assignments.
Draft
CCI-001360
Monitor privileged role assignments.
Draft
AC-2(7)
CCI-001361
Defines a time period after which temporary accounts are automatically terminated.
Draft
AC-2(2)
CCI-001362
The information system enforces a Discretionary Access Control (DAC) policy that allows users to specify and control sharing by named individuals or groups of individuals, or by both.
Draft
CCI-001363
The organization establishes a Discretionary Access Control (DAC) policy that allows users to specify and control sharing by named individuals or groups of individuals, or by both.
Draft
CCI-001364
The organization establishes a Discretionary Access Control (DAC) policy that limits propagation of access rights.
Deprecated
CCI-001365
Defines a time period after which emergency accounts are automatically terminated.
Draft
AC-2(2)
CCI-001366
The organization defines user information to be encrypted or stored off-line in a secure location.
Draft
CCI-001367
The organization defines system information to be encrypted or stored off-line in a secure location.
Draft
CCI-001368
Enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.
Draft
AC-4
CCI-001369
The information system, when transferring information between different security domains, identifies information flows by data type specification and usage.
Deprecated
CCI-001370
The information system, when transferring information between different security domains, decomposes information into policy-relevant subcomponents for submission to policy enforcement mechanisms.
Deprecated
CCI-001371
Defines security or privacy policy filters requiring fully enumerated formats which are to be implemented when transferring information between different security domains.
Draft
AC-4(14)
CCI-001372
When transferring information between different security domains, implement organization-defined security or privacy policy filters requiring fully enumerated formats that restrict data structure and content.
Draft
AC-4(14)
CCI-001373
When transferring information between different security domains, examine the information for the presence of organization-defined unsanctioned information.
Draft
AC-4(15)
CCI-001374
When transferring information between different security domains, prohibit the transfer of such information in accordance with the organization-defined security or privacy policy.
Draft
AC-4(15)
CCI-001375
The information system enforces security policies regarding information on interconnected systems.
Deprecated
CCI-001376
The information system uniquely identifies source domains for information transfer.
Draft
CCI-001377
The information system uniquely authenticates source domains for information transfer.
Draft
CCI-001378
The information system binds security attributes to information to facilitate information flow policy enforcement.
Deprecated
CCI-001379
The information system tracks problems associated with the security attribute binding and information transfer.
Deprecated
CCI-001380
The organization documents separation of duties of individuals.
Draft
AC-5
Prev
1...
42
43
44
45
46
47
48
49
50
...172
Next