Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (55/172)
CCIs

| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-001621 | Implement organization-defined security controls to manage the risk of compromise due to individuals having accounts on multiple systems. | Draft | IA-5(8) |
| CCI-001622 | The organization identifies personnel with incident response roles and responsibilities with respect to the information system. | Draft | |
| CCI-001623 | The incident response training material addresses the procedures and activities necessary to fulfill identified organizational incident response roles and responsibilities. | Draft | |
| CCI-001624 | The organization documents the results of incident response tests. | Draft | IR-3 |
| CCI-001625 | Implement the resulting incident handling activity changes to incident response procedures, training, and testing accordingly. | Draft | IR-4 |
| CCI-001626 | The organization employs automated mechanisms to assist in the collection of security incident information. | Draft | IR-5(1) |
| CCI-001627 | The organization employs automated mechanisms to assist in the analysis of security incident information. | Draft | IR-5(1) |
| CCI-001628 | Defines a frequency with which to review and update the current maintenance procedures. | Draft | MA-1 |
| CCI-001629 | The organization employs automated mechanisms to produce up-to-date, accurate, complete, and available records of all maintenance and repair actions needed, in process, and complete. | Draft | |
| CCI-001630 | Designated organizational personnel review the maintenance records of the non-local maintenance and diagnostic sessions. | Draft | |
| CCI-001631 | After the service is performed, inspect and sanitize the component (for potentially malicious software) before reconnecting the component to the system. | Draft | MA-4(3) |
| CCI-001632 | Protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by either physically separated communications paths or logically separated communications paths based upon encryption. | Draft | MA-4(4) |
| CCI-001633 | The organization defines removable media types and information output requiring marking. | Draft | |
| CCI-001634 | The organization identifies authorized personnel with appropriate clearances and access authorizations for gaining physical access to the facility containing an information system that processes classified information. | Draft | |
| CCI-001635 | Remove individuals from the facility access list when access is no longer required. | Draft | PE-2 |
| CCI-001636 | Defines the frequency with which to review and update the current planning policy. | Draft | PL-1 |
| CCI-001637 | Review and update the current planning policy in accordance with organization-defined frequency. | Draft | PL-1 |
| CCI-001638 | Defines the frequency with which to review and update the current planning procedures. | Draft | PL-1 |
| CCI-001639 | The organization makes readily available to individuals requiring access to the information system the rules that describe their responsibilities and expected behavior with regard to information and information system usage. | Draft | PL-4 |
| CCI-001640 | Address information security issues in the updating of a critical infrastructure and key resources protection plan. | Draft | PM-8 |
| CCI-001641 | Defines the process for conducting random vulnerability scans on the system and hosted applications. | Draft | RA-5 |
| CCI-001642 | Defines the organizational document in which risk assessment results are documented (e.g., security plan, privacy plan; risk assessment report). | Draft | RA-3 |
| CCI-001643 | Monitor and scan for vulnerabilities in the system and hosted applications in accordance with the organization-defined process for random scans. | Draft | RA-5 |
| CCI-001644 | The organization employs vulnerability scanning procedures that can demonstrate the depth of coverage (i.e., vulnerabilities checked). | Draft | |
| CCI-001645 | The organization identifies the information system components to which privileged access is authorized for selected organization-defined vulnerability scanning activities. | Draft | RA-5(5) |
| CCI-001646 | Defines the frequency with which to review and update the current system and services acquisition procedures. | Draft | SA-1 |
| CCI-001647 | The organization requires the use of a FIPS-validated, cryptographic module for a technology product that relies on cryptographic functionality to enforce its security policy when no U.S. Government Protection Profile exists for such a specific technology type. | Draft | |
| CCI-001648 | The organization makes available to authorized personnel the source code for the information system to permit analysis and testing. | Draft | |
| CCI-001649 | The organization identifies and documents (as appropriate) explicit rules to be enforced when governing the installation of software by users. | Draft | |
| CCI-001650 | The organization requires the information system developers to manage and control changes to the information system during development. | Draft | |