An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
71/172
)
CCIs
Number
Definition
Status
Related
CCI-002131
The organization defines the personnel or roles to be notified on account creation, modification, enabling, disabling, and removal actions.
Draft
AC-2(4)
CCI-002132
The information system notifies organization-defined personnel or roles for account enabling actions.
Draft
AC-2(4)
CCI-002133
Defines other conditions when users are required to log out.
Draft
AC-2(5)
CCI-002134
Defines a list of dynamic privilege management capabilities to be implemented.
Draft
AC-2(6)
CCI-002135
Implement the organization-defined list of dynamic privilege management capabilities.
Draft
AC-2(6)
CCI-002136
The organization defines the actions to be taken when privileged role assignments are no longer appropriate.
Draft
AC-2(7)
CCI-002137
Revoke access when privileged role or attribute assignments are no longer appropriate.
Draft
AC-2(7)
CCI-002138
Defines the system accounts that can be dynamically created.
Draft
AC-2(8)
CCI-002139
Create organization-defined system accounts dynamically.
Draft
AC-2(8)
CCI-002140
Defines the conditions for establishing shared/group accounts.
Draft
AC-2(9)
CCI-002141
Only permit the use of shared and group accounts that meet organization-defined conditions for establishing shared and group accounts.
Draft
AC-2(9)
CCI-002142
The information system terminates shared/group account credentials when members leave the group.
Draft
AC-2(10)
CCI-002143
Defines the circumstances and/or usage conditions that are to be enforced for organization-defined information system accounts.
Draft
AC-2(11)
CCI-002144
Defines the system accounts that are to be subject to the enforcement of organization-defined circumstances and/or usage conditions.
Draft
AC-2(11)
CCI-002145
Enforce organization-defined circumstances and/or usage conditions for organization-defined system accounts.
Draft
AC-2(11)
CCI-002146
Defines atypical usage for which the system accounts are to be monitored.
Draft
AC-2(12)
CCI-002147
Monitor system accounts for organization-defined atypical usage.
Draft
AC-2(12)
CCI-002148
Defines the personnel or roles to whom atypical usage of system accounts are to be reported.
Draft
AC-2(12)
CCI-002149
Report atypical usage of system accounts to organization-defined personnel or roles.
Draft
AC-2(12)
CCI-002150
Defines the time period within which the accounts of users posing a significant risk are to be disabled after discovery of the risk.
Draft
AC-2(13)
CCI-002151
Disable accounts of individuals within an organization-defined time-period of discovery of organization-defined significant risk.
Draft
AC-2(13)
CCI-002152
Defines other actions necessary for which dual authorization is to be enforced.
Draft
AC-3(2)
CCI-002153
Defines the mandatory access control policies that are to be enforced over all subjects and objects.
Draft
AC-3(3)
CCI-002154
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy is uniformly enforced across the covered subjects and objects within the system.
Draft
AC-3(3)
CCI-002155
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information is constrained from passing the information to unauthorized subjects or objects.
Draft
AC-3(3)
CCI-002156
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information is constrained from granting its privileges to other subjects.
Draft
AC-3(3)
CCI-002157
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information is constrained from changing one or more security attributes on subjects, objects, the system, or system components.
Draft
AC-3(3)
CCI-002158
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information is constrained from choosing the security attributes to be associated with newly created or modified objects.
Draft
AC-3(3)
CCI-002159
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information is constrained from choosing the attribute values to be associated with newly created or modified objects.
Draft
AC-3(3)
CCI-002160
Enforce organization-defined mandatory access control policy over the set of covered subjects and objects specified in the policy, and where the policy specifies that a subject that has been granted access to information is constrained from changing the rules governing access control.
Draft
AC-3(3)
Prev
1...
67
68
69
70
71
72
73
74
75
...172
Next