An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
5/172
)
CCIs
Number
Definition
Status
Related
CCI-000121
The organization disseminates formal, documented, procedures to elements within the organization having associated audit and accountability roles and responsibilities.
Draft
CCI-000122
Review and update the current audit and accountability procedures on an organization-defined frequency.
Draft
AU-1
CCI-000123
Identify the organization-defined event types that the system is capable of logging in support of the audit function.
Draft
AU-2
CCI-000124
Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged.
Draft
AU-2
CCI-000125
Provide a rationale for why the event types selected for logging are deemed to be adequate for support after-the-fact investigations of incidents.
Draft
AU-2
CCI-000126
Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring logging for each identified event type.
Draft
AU-2
CCI-000127
The organization reviews and updates the list of organization-defined audited events on an organization-defined frequency.
Draft
AU-2(3)
CCI-000128
The organization includes execution of privileged functions in the list of events to be audited by the information system.
Draft
CCI-000129
The organization defines in the auditable events that the information system must be capable of auditing based on a risk assessment and mission/business needs.
Draft
CCI-000130
Ensure that audit records contain information that establishes what type of event occurred.
Draft
AU-3
CCI-000131
Ensure that audit records containing information that establishes when the event occurred.
Draft
AU-3
CCI-000132
Ensure that audit records containing information that establishes where the event occurred.
Draft
AU-3
CCI-000133
Ensure that audit records containing information that establishes the source of the event.
Draft
AU-3
CCI-000134
Ensure that audit records containing information that establishes the outcome of the event.
Draft
AU-3
CCI-000135
Generate audit records containing the organization-defined additional information that is to be included in the audit records.
Draft
AU-3(1)
CCI-000136
The organization centrally manages the content of audit records generated by organization-defined information system components.
Draft
CCI-000137
The organization allocates audit record storage capacity.
Draft
CCI-000138
The organization configures auditing to reduce the likelihood of storage capacity being exceeded.
Draft
CCI-000139
Alert organization-defined personnel or roles within an organization-defined time period in the event of an audit logging process failure.
Draft
AU-5
CCI-000140
Take organization-defined actions upon audit failure include, shutting down the system, overwriting oldest audit records, and stopping the generation of audit records.
Draft
AU-5
CCI-000141
Make available for expenditure, the planned information security resources.
Draft
PM-3
CCI-000142
Implement a process to ensure that plans of action and milestones for the information security program and the associated organizational systems are maintained.
Draft
PM-4
CCI-000143
The information system provides a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.
Draft
CCI-000144
The information system provides a real-time alert when organization-defined audit failure events occur.
Draft
CCI-000145
Enforce configurable network communications traffic volume thresholds reflecting limits on audit log storage capacity by delaying or rejecting network traffic above those organization-defined thresholds.
Draft
AU-5(3)
CCI-000146
The organization defines the percentage of maximum audit record storage capacity that when exceeded, a warning is provided.
Draft
CCI-000147
Defines the audit logging failure events requiring real-time alerts.
Draft
AU-5(2)
CCI-000148
Review and analyze system audit records on an organization-defined frequency for indications of organization-defined inappropriate or unusual activity.
Draft
AU-6
CCI-000149
Report any findings to organization-defined personnel or roles for indications of organization-defined inappropriate or unusual activity.
Draft
AU-6
CCI-000150
The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk to organizational operations, organizational assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information.
Draft
Prev
1
2
3
4
5
6
7
8
9
...172
Next