An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
77/172
)
CCIs
Number
Definition
Status
Related
CCI-002311
Establish and document configuration/connection requirements for each type of remote access allowed.
Draft
AC-17
CCI-002312
Establish and document implementation guidance for each type of remote access allowed.
Draft
AC-17
CCI-002313
The information system controls remote access methods.
Deprecated
AC-17(1)
CCI-002314
Employ automated mechanisms to control remote access methods.
Draft
AC-17(1)
CCI-002315
The organization defines the number of managed network access control points through which the information system routes all remote access.
Draft
AC-17(3)
CCI-002316
Authorize access to security-relevant information via remote access only in a format that provides assessable evidence for organization-defined needs.
Draft
AC-17(4)
CCI-002317
Defines the needs for when the execution of privileged commands via remote access is to be authorized.
Draft
AC-17(4)
CCI-002318
Defines the needs for when access to security-relevant information via remote access is to be authorized.
Draft
AC-17(4)
CCI-002319
Document the rationale for authorization of the execution of privilege commands via remote access.
Draft
AC-17(4)
CCI-002320
Document the rationale for authorization of access to security-relevant information via remote access.
Draft
AC-17(4)
CCI-002321
Defines the time-period within which it disconnects or disables remote access to the system.
Draft
AC-17(9)
CCI-002322
Provide the capability to disconnect or disable remote access to the system within the organization-defined time period.
Draft
AC-17(9)
CCI-002323
Establish configuration requirements and connection requirements for wireless access.
Draft
AC-18
CCI-002324
Identify and explicitly authorize users allowed to independently configure wireless networking capabilities.
Draft
AC-18(4)
CCI-002325
Establish configuration requirements for organization-controlled mobile devices, to include when such devices are outside of controlled areas.
Draft
AC-19
CCI-002326
Establish connection requirements for organization-controlled mobile devices, to include when such devices are outside of controlled areas.
Draft
AC-19
CCI-002327
Defines the security policies which restrict the connection of classified mobile devices to classified systems.
Draft
AC-19(4)
CCI-002328
Restrict the connection of classified mobile devices to classified systems in accordance with organization-defined security policies.
Draft
AC-19(4)
CCI-002329
Defines the mobile devices that are to employ full-device or container encryption to protect the confidentiality and integrity of the information on the device.
Draft
AC-19(5)
CCI-002330
Employ full-device encryption or container encryption to protect the confidentiality of information on organization-defined mobile devices.
Draft
AC-19(5)
CCI-002331
Employ full-device encryption or container encryption to protect the integrity of information on organization-defined mobile devices.
Draft
AC-19(5)
CCI-002332
Establish organization-defined terms and conditions, and/or identify organization-defined controls asserted to be implemented on external systems, consistent with the trust relationships established with other organizations owning, operating, and/or maintaining external systems, allowing authorized individuals to process, store, or transmit organization-controlled information using the external systems.
Draft
AC-20
CCI-002333
The organization permits authorized individuals to use an external information system to access the information system only when the organization verifies the implementation of required security controls on the external system as specified in the organization's information security policy and security plan.
Draft
AC-20(1)
CCI-002334
The organization permits authorized individuals to use an external information system to process organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization's information security policy and security plan.
Draft
AC-20(1)
CCI-002335
The organization permits authorized individuals to use an external information system to store organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization's information security policy and security plan.
Draft
AC-20(1)
CCI-002336
The organization permits authorized individuals to use an external information system to transmit organization-controlled information only when the organization verifies the implementation of required security controls on the external system as specified in the organization's information security policy and security plan.
Draft
AC-20(1)
CCI-002337
Permit authorized individuals to use an external system to access the system or to process, store, or transmit organization-controlled information only after the system retains approved system connection or processing agreements with the organizational entity hosting the external system.
Draft
AC-20(1)
CCI-002338
Restrict the use of non-organizationally owned systems or system components to process, store, or transmit organizational information using organization-defined restrictions.
Draft
AC-20(3)
CCI-002339
Defines the network accessible storage devices that are to be prohibited from being used in external systems.
Draft
AC-20(4)
CCI-002340
Prohibit the use of organization-defined network accessible storage devices in external systems.
Draft
AC-20(4)
Prev
1...
73
74
75
76
77
78
79
80
81
...172
Next