An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
7/172
)
CCIs
Number
Definition
Status
Related
CCI-000181
The organization manages information system authenticators by establishing reuse conditions for authenticators.
Draft
IA-5
CCI-000182
Manage system authenticators by changing or refreshing authenticators in accordance with the organization-defined time period by authenticator type or when organization-defined events occur.
Draft
IA-5
CCI-000183
Manage system authenticators by protecting authenticator content from unauthorized disclosure.
Draft
IA-5
CCI-000184
Manage system authenticators by requiring individuals to take, and having devices implement, specific security controls to protect authenticators.
Draft
IA-5
CCI-000185
For public key-based authentication, validate certificates by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.
Draft
IA-5(2)
CCI-000186
For public key-based authentication, enforce authorized access to the corresponding private key.
Draft
IA-5(2)
CCI-000187
For public key-based authentication, map the authenticated identity to the account of the individual or group.
Draft
IA-5(2)
CCI-000188
The organization requires that the registration process to receive an organizational-defined type of authenticator be carried out in person before a designated registration authority with authorization by a designated organizational official (e.g., a supervisor).
Draft
CCI-000189
The organization employs automated tools to determine if authenticators are sufficiently strong to resist attacks intended to discover or otherwise compromise the authenticators.
Draft
CCI-000190
The organization requires vendors/manufacturers of information system components to provide unique authenticators or change default authenticators prior to delivery.
Draft
CCI-000191
The organization enforces password complexity by the number of special characters used.
Deprecated
CCI-000192
The information system enforces password complexity by the minimum number of upper case characters used.
Draft
IA-5(1)
CCI-000193
The information system enforces password complexity by the minimum number of lower case characters used.
Draft
IA-5(1)
CCI-000194
The information system enforces password complexity by the minimum number of numeric characters used.
Draft
IA-5(1)
CCI-000195
The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.
Draft
IA-5(1)
CCI-000196
The information system, for password-based authentication, stores only cryptographically-protected passwords.
Draft
IA-5(1)
CCI-000197
For password-based authentication, transmit passwords only over cryptographically-protected channels.
Draft
IA-5(1)
CCI-000198
The information system enforces minimum password lifetime restrictions.
Draft
IA-5(1)
CCI-000199
The information system enforces maximum password lifetime restrictions.
Draft
IA-5(1)
CCI-000200
The information system prohibits password reuse for the organization-defined number of generations.
Draft
IA-5(1)
CCI-000201
Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access.
Draft
IA-5(6)
CCI-000202
The organization ensures unencrypted static authenticators are not embedded in access scripts.
Draft
IA-5(7)
CCI-000203
The organization ensures unencrypted static authenticators are not stored on function keys.
Draft
IA-5(7)
CCI-000204
Defines the security controls required to manage the risk of compromise due to individuals having accounts on multiple systems.
Draft
IA-5(8)
CCI-000205
The information system enforces minimum password length.
Draft
IA-5(1)
CCI-000206
Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.
Draft
IA-6
CCI-000207
The organization develops and maintains an inventory of its information systems.
Draft
PM-5
CCI-000208
The organization determines normal time-of-day and duration usage for information system accounts.
Draft
CCI-000209
Develop the results of information security measures of performance.
Draft
PM-6
CCI-000210
Monitor the results of information security measures of performance.
Draft
PM-6
Prev
1...
3
4
5
6
7
8
9
10
11
...172
Next