An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
48/172
)
CCIs
Number
Definition
Status
Related
CCI-001411
Defines security-relevant information to which the system prevents access except during secure, non-operable system states.
Draft
AC-3(5)
CCI-001412
The organization encrypts or stores off-line, in a secure location, organization-defined user information.
Draft
CCI-001413
The organization encrypts or stores off-line, in a secure location, organization-defined system information.
Draft
CCI-001414
Enforce approved authorizations for controlling the flow of information between connected systems based on organization-defined information flow control policies.
Draft
AC-4
CCI-001415
Defines limitations for the embedding of data types within other data types.
Draft
AC-4(5)
CCI-001416
The organization defines one-way information flows to be enforced by the information system.
Draft
AC-4(7)
CCI-001417
Defines security policy filters to be enforced and used as a basis for flow control decisions.
Draft
AC-4(8)
CCI-001418
The organization defines security policy filters for which the information system enforces the use of human review.
Draft
CCI-001419
Defines the security functions or security-relevant information to which users of system accounts, or roles, have access.
Draft
AC-6(2)
CCI-001420
Defines the privileged commands to which network access is to be authorized only for organization-defined compelling operational needs.
Draft
AC-6(3)
CCI-001421
The organization limits authorization to super user accounts on the information system to designated system administration personnel.
Draft
CCI-001422
Prohibit privileged access to the system by non-organizational users.
Draft
AC-6(6)
CCI-001423
Defines the time period in which the organization-defined maximum number of consecutive invalid logon attempts occur.
Draft
AC-7
CCI-001424
Dynamically associate security attributes with organization-defined subjects in accordance with organization-defined security policies as information is created and combined.
Draft
AC-16(1)
CCI-001425
Provides authorized individuals (or processes acting on behalf of individuals) the capability to change the value of associated security attributes.
Draft
AC-16(2)
CCI-001426
The information system maintains the binding of security attributes to information with sufficient assurance that the information--attribute association can be used as the basis for automated policy actions.
Draft
CCI-001427
The information system allows authorized users to associate security attributes with information.
Draft
CCI-001428
Display security attributes in human-readable form on each object that the system transmits to output devices to identify organization-identified special dissemination, handling, or distribution instructions using organization-identified human-readable, standard naming conventions.
Draft
AC-16(4)
CCI-001429
Identify special dissemination, handling, or distribution instructions for identifying security attributes on output.
Draft
AC-16(5)
CCI-001430
Identify human-readable, standard naming conventions for identifying security attributes on output.
Draft
AC-16(5)
CCI-001431
The organization defines a frequency for monitoring for unauthorized remote connections to the information system.
Draft
CCI-001432
The organization takes appropriate action if an unauthorized remote connection to the information system is discovered.
Draft
CCI-001433
The organization defines a list of security functions and security-relevant information that for remote access sessions have organization-defined security measures employed and are audited.
Draft
CCI-001434
The organization defines additional security measures to be employed when an organization-defined list of security functions and security-relevant information is accessed remotely.
Draft
CCI-001435
The organization defines networking protocols within the information system deemed to be nonsecure.
Draft
CCI-001436
The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements.
Draft
CCI-001437
The organization documents the rationale for the execution of privileged commands and access to security-relevant information in the security plan for the information system.
Draft
CCI-001438
The organization establishes usage restrictions for wireless access.
Draft
AC-18
CCI-001439
Establish implementation guidance for wireless access.
Draft
AC-18
CCI-001440
The organization monitors for unauthorized wireless access to the information system.
Draft
Prev
1...
44
45
46
47
48
49
50
51
52
...172
Next