Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (69/172)
CCIs

| Number | Definition | Status | Related |
| --- | --- | --- | --- |
| CCI-002071 | Defines the individuals or roles to whom the results of the control assessment are to be provided. | Draft | CA-2 |
| CCI-002072 | The organization defines the unclassified, national security systems that are prohibited from directly connecting to an external network without the use of an organization-defined boundary protection device. | Draft | CA-3(1) |
| CCI-002073 | The organization defines the boundary protection device to be used to connect organization-defined unclassified, national security systems to an external network. | Draft | CA-3(1) |
| CCI-002074 | The organization defines the boundary protection device to be used for the direct connection of classified, national security system to an external network. | Draft | CA-3(2) |
| CCI-002075 | The organization prohibits the direct connection of an organization-defined unclassified, non-national security system to an external network without the use of organization-defined boundary protection device. | Draft | CA-3(3) |
| CCI-002076 | The organization defines the unclassified, non-national security system that is prohibited from directly connecting to an external network without the use of an organization-defined boundary protection device. | Draft | CA-3(3) |
| CCI-002077 | The organization defines the boundary protection device to be used to directly connect an organization-defined unclassified, non-national security system to an external network. | Draft | CA-3(3) |
| CCI-002078 | The organization prohibits the direct connection of an organization-defined information system to a public network. | Draft | CA-3(4) |
| CCI-002079 | The organization defines the information system that is prohibited from directly connecting to a public network. | Draft | CA-3(4) |
| CCI-002080 | The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems. | Draft | CA-3(5) |
| CCI-002081 | The organization defines the information systems that employ either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing connections to external information systems. | Draft | CA-3(5) |
| CCI-002082 | The organization selects either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems. | Draft | CA-3(5) |
| CCI-002083 | Review and update the agreements on an organization-defined frequency. | Draft | CA-3 |
| CCI-002084 | Defines the frequency at which reviews and updates to the agreements must be conducted. | Draft | CA-3 |
| CCI-002085 | The organization defines the level of independence the assessors or assessment teams must have to monitor the security controls in the information system on an ongoing basis. | Draft | CA-7(1) |
| CCI-002086 | Employ trend analyses to determine if control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process need to be modified based on empirical data. | Draft | CA-7(3) |
| CCI-002087 | Establish organization-defined system-level metrics to be monitored. | Draft | CA-7 |
| CCI-002088 | Establish organization-defined frequencies for monitoring. | Draft | CA-7 |
| CCI-002089 | The organization establishes and defines the frequencies for assessments supporting continuous monitoring. | Draft | CA-7 |
| CCI-002090 | Implement ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy. | Draft | CA-7 |
| CCI-002091 | Implement a continuous monitoring program that includes correlation and analysis of information generated by assessments and monitoring. | Draft | CA-7 |
| CCI-002092 | Implement a continuous monitoring program that includes response actions to address results of the analysis of control assessment and monitoring information. | Draft | CA-7 |
| CCI-002093 | Conduct penetration testing in accordance with organization-defined frequency on organization-defined systems or system components. | Draft | CA-8 |
| CCI-002094 | Defines the frequency for conducting penetration testing on organization-defined systems or system components. | Draft | CA-8 |
| CCI-002095 | Defines the systems or system components on which penetration testing will be conducted. | Draft | CA-8 |
| CCI-002096 | Employ an independent penetration agent or penetration team to perform penetration testing on the system or system components. | Draft | CA-8(1) |
| CCI-002097 | Defines red team exercises to simulate attempts by adversaries to compromise organizational systems. | Draft | CA-8(2) |
| CCI-002098 | The organization defines rules of engagement for red team exercises to simulate attempts by adversaries to compromise organizational information systems. | Draft | CA-8(2) |
| CCI-002099 | Employ organization-defined red team exercises to simulate attempts by adversaries to compromise organizational systems in accordance with applicable rules of engagement. | Draft | CA-8(2) |
| CCI-002100 | Perform security compliance checks on constituent components prior to the establishment of the internal connection. | Draft | CA-9(1) |