An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
68/172
)
CCIs
Number
Definition
Status
Related
CCI-002041
The information system allows the use of a temporary password for system logons with an immediate change to a permanent password.
Draft
IA-5(1)
CCI-002042
Manage system authenticators by protecting authenticator content from unauthorized modification.
Draft
IA-5
CCI-002043
The organization uses only FICAM-approved path discovery and validation products and services.
Draft
IA-5(15)
CCI-002044
Defines measures to be employed to ensure that long-term audit records generated by the system can be retrieved.
Draft
AU-11(1)
CCI-002045
Employ organization-defined measures to ensure that long-term audit records generated by the information system can be retrieved.
Draft
AU-11(1)
CCI-002046
The information system synchronizes the internal system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
Draft
AU-8(1)
CCI-002047
Defines the system components on which the auditing that is to be performed can be changed by organization-defined individuals or roles.
Draft
AU-12(3)
CCI-002048
Defines the personnel or roles to whom the awareness and training policy is disseminated.
Draft
AT-1
CCI-002049
Defines the personnel or roles to whom the organization-level; mission/business process-level; system-level awareness and training procedures are disseminated.
Draft
AT-1
CCI-002050
Defines the personnel or roles to whom initial and refresher training in the employment and operation of environmental controls is to be provided.
Draft
AT-3(1)
CCI-002051
Defines the personnel or roles to whom initial and refresher training in the employment and operation of physical security controls is to be provided.
Draft
AT-3(2)
CCI-002052
Provide practical exercises in security training that reinforce training objectives.
Draft
AT-3(3)
CCI-002053
The organization provides training to its personnel on organization-defined indicators of malicious code to recognize suspicious communications and anomalous behavior in organizational information systems.
Draft
AT-3(4)
CCI-002054
The organization defines indicators of malicious code to recognize suspicious communications and anomalous behavior in organizational information systems.
Draft
AT-3(4)
CCI-002055
Provide literacy training on recognizing and reporting potential indicators of insider threat.
Draft
AT-2(2)
CCI-002056
Defines the time period the records of configuration-controlled changes are to be retained.
Draft
CM-3
CCI-002057
Defines the personnel to be notified when approved changes to the system are completed.
Draft
CM-3(1)
CCI-002058
Employ automated mechanisms to notify organization-defined personnel when approved changes to the system are completed.
Draft
CM-3(1)
CCI-002059
Defines the system components for which the organization will employ automated mechanisms to centrally manage, apply, and verify configuration settings.
Draft
CM-6(1)
CCI-002060
The organization develops and documents a security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Deprecated
CA-1
CCI-002061
Defines the personnel or roles to whom the organization-level; mission/business process; system-level assessment, authorization, and monitoring policy is to be disseminated.
Draft
CA-1
CCI-002062
Defines the personnel or roles to whom the assessment, authorization, monitoring procedures are to be disseminated.
Draft
CA-1
CCI-002063
The organization defines the level of independence for assessors or assessment teams to conduct security control assessments of organizational information systems.
Draft
CA-2(1)
CCI-002064
The organization selects one or more security assessment techniques to be conducted.
Draft
CA-2(2)
CCI-002065
Defines the frequency at which to conduct control assessments.
Draft
CA-2(2)
CCI-002066
Leverage the results of control assessments of the organization-defined system performed by an organization-defined external organization when the assessment meets organization-defined requirements.
Draft
CA-2(3)
CCI-002067
Defines the system for which the results of control assessments will be leveraged.
Draft
CA-2(3)
CCI-002068
Defines the external organizations from which control assessment results for organization-defined systems will be accepted.
Draft
CA-2(3)
CCI-002069
Defines the requirements the control assessments for organization-defined systems from organization-defined external organizations must meet.
Draft
CA-2(3)
CCI-002070
Develop a control assessment plan that describes the scope of the assessment including assessment team, and assessment roles and responsibilities.
Draft
CA-2
Prev
1...
64
65
66
67
68
69
70
71
72
...172
Next