An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
58/172
)
CCIs
Number
Definition
Status
Related
CCI-001741
Document configuration change decisions associated with the system.
Draft
CM-3
CCI-001742
Defines the approval authorities to be notified when proposed changes to the system are received.
Draft
CM-3(1)
CCI-001743
Defines the security responses to be automatically implemented if baseline configurations are changed in an unauthorized manner.
Draft
CM-3(5)
CCI-001744
Implement organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner.
Draft
CM-3(5)
CCI-001745
Defines the controls that are to be provided by the cryptographic mechanisms are under configuration management.
Draft
CM-3(6)
CCI-001746
Ensure that cryptographic mechanisms used to provide organization-defined control are under configuration management.
Draft
CM-3(6)
CCI-001747
The organization defines critical software components the information system will prevent from being installed without verification the component has been digitally signed using a certificate that is recognized and approved by the organization.
Draft
CM-5(3)
CCI-001748
The organization defines critical firmware components the information system will prevent from being installed without verification the component has been digitally signed using a certificate that is recognized and approved by the organization.
Draft
CM-5(3)
CCI-001749
The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.
Draft
CM-5(3)
CCI-001750
The information system prevents the installation of organization-defined firmware components without verification the firmware component has been digitally signed using a certificate that is recognized and approved by the organization.
Draft
CM-5(3)
CCI-001751
Defines system-level information requiring enforcement of a dual authorization for system changes.
Draft
CM-5(4)
CCI-001752
Enforce dual authorization for implementing changes to organization-defined system-level information.
Draft
CM-5(4)
CCI-001753
Limit privileges to change system components within a production or operational environment.
Draft
CM-5(5)
CCI-001754
Limit privileges to change system-related information within a production or operational environment.
Draft
CM-5(5)
CCI-001755
Defines the system components for which any deviation from the established configuration settings are to be identified, documented, and approved.
Draft
CM-6
CCI-001756
Defines the operational requirements on which the configuration settings for the organization-defined system components are to be based.
Draft
CM-6
CCI-001757
Defines the actions to employ when responding to unauthorized changes to the organization-defined configuration settings.
Draft
CM-6(2)
CCI-001758
Defines the configuration settings for which to employ organization-defined actions in response to unauthorized changes.
Draft
CM-6(2)
CCI-001759
Take organization-defined actions in response to unauthorized changes to organization-defined configuration settings.
Draft
CM-6(2)
CCI-001760
Defines the frequency of system reviews to identify unnecessary and/or nonsecure functions, ports, protocols, software, and services.
Draft
CM-7(1)
CCI-001761
Defines the functions, ports, protocols, software, and services within the information system that are to be disabled or removed when deemed unnecessary and/or nonsecure.
Draft
CM-7(1)
CCI-001762
Disable or remove organization-defined functions, ports, protocols, software, and services within the system deemed to be unnecessary and/or nonsecure.
Draft
CM-7(1)
CCI-001763
Defines the policies regarding software program usage and restrictions.
Draft
CM-7(2)
CCI-001764
Prevent program execution in accordance with organization-defined policies, rules of behavior, and/or access agreements regarding software program usage and restrictions; rules authorizing the terms and conditions of software program usage.
Draft
CM-7(2)
CCI-001765
Defines the software programs not authorized to execute on the system.
Draft
CM-7(4)
CCI-001766
Identify the organization-defined software programs not authorized to execute on the system.
Draft
CM-7(4)
CCI-001767
Employ an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the system.
Draft
CM-7(4)
CCI-001768
Defines the frequency on which the list of unauthorized software programs will be reviewed and updated.
Draft
CM-7(4)
CCI-001769
The organization defines the frequency on which it will update the list of unauthorized software programs.
Deprecated
CM-7(4)
CCI-001770
Review and update the list of unauthorized software programs per organization-defined frequency.
Draft
CM-7(4)
Prev
1...
54
55
56
57
58
59
60
61
62
...172
Next