An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
53/172
)
CCIs
Number
Definition
Status
Related
CCI-001561
The organization defines managed access control points for remote access to the information system.
Draft
AC-17(3)
CCI-001562
The organization defines the appropriate action(s) to be taken if an unauthorized remote connection is discovered.
Draft
CCI-001563
The organization defines the appropriate action(s) to be taken if an unauthorized wireless connection is discovered.
Draft
CCI-001564
Defines the frequency of security awareness and training policy reviews and updates.
Draft
AT-1
CCI-001565
Defines the frequency of security awareness and training procedure reviews and updates.
Draft
AT-1
CCI-001566
Provide organization-defined personnel or roles with initial training in the employment and operation of physical security controls.
Draft
AT-3(2)
CCI-001567
Provide organization-defined personnel or roles with refresher training, thereafter, in the employment and operation of physical security controls in accordance with the organization-defined frequency.
Draft
AT-3(2)
CCI-001568
Defines a frequency for providing employees with refresher training in the employment and operation of physical security controls.
Draft
AT-3(2)
CCI-001569
Defines the frequency on which the current audit and accountability policy will be reviewed and updated.
Draft
AU-1
CCI-001570
Defines the frequency on which the current audit and accountability procedures will be reviewed and updated.
Draft
AU-1
CCI-001571
Defines the event types that the system is capable of logging in support of the audit function.
Draft
AU-2
CCI-001572
Defines the personnel or roles to be alerted in the event of an audit logging process failure.
Draft
AU-5
CCI-001573
Defines whether to reject or delay network traffic that exceeds organization-defined thresholds.
Draft
AU-5(3)
CCI-001574
The information system rejects or delays, as defined by the organization, network traffic which exceed the organization-defined thresholds.
Draft
CCI-001575
The organization defines the system or system component for storing audit records that is a different system or system component than the system or component being audited.
Draft
AU-9(2)
CCI-001576
The information system produces a system-wide (logical or physical) audit trail of information system audit records.
Deprecated
AU-12(1)
CCI-001577
Defines the system components from which audit records are to be compiled into the system-wide audit trail.
Draft
AU-12(1)
CCI-001578
Defines the frequency to review and update the current assessment, authorization, and monitoring procedures.
Draft
CA-1
CCI-001579
The organization conducts security control assessments using organization-defined forms of testing in accordance with organization-defined frequency and assessment techniques.
Draft
CCI-001580
The organization identifies connections to external information systems (i.e., information systems outside of the authorization boundary).
Draft
CCI-001581
The organization defines personnel or roles to whom the security status of the organization and the information system should be reported.
Draft
CA-7
CCI-001582
Defines other forms of control assessments other than in-depth monitoring; security instrumentation; automated security test cases; vulnerability scanning; malicious user testing; insider threat assessment; performance and load testing; data leakage or data loss assessment that should be included as part of the control assessments.
Draft
CA-2(2)
CCI-001583
The organization selects announced or unannounced assessments for each form of security control assessment.
Draft
CA-2(2)
CCI-001584
Defines the frequency with which to review and update configuration management procedures.
Draft
CM-1
CCI-001585
Defines the circumstances that require reviews and updates to the baseline configuration of the system.
Draft
CM-2(1)
CCI-001586
Defines the configuration change control element responsible for coordinating and providing oversight for configuration change control activities.
Draft
CM-3
CCI-001587
The organization, when analyzing new software in a separate test environment, looks for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.
Draft
CCI-001588
The organization-defined security configuration checklists reflect the most restrictive mode consistent with operational requirements.
Draft
CM-6
CCI-001589
The organization incorporates detection of unauthorized, security-relevant configuration changes into the organization's incident response capability to ensure they are tracked.
Draft
CCI-001590
The organization develops a list of software programs authorized to execute on the information system.
Deprecated
Prev
1...
49
50
51
52
53
54
55
56
57
...172
Next