An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
8/172
)
CCIs
Number
Definition
Status
Related
CCI-000211
Report on the results of information security measures of performance.
Draft
PM-6
CCI-000212
Develop an enterprise architecture with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.
Draft
PM-7
CCI-000213
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Draft
AC-3
CCI-000214
The organization establishes a Discretionary Access Control (DAC) policy that limits propagation of access rights.
Draft
CCI-000215
The organization establishes a Discretionary Access Control (DAC) policy that includes or excludes access to the granularity of a single user.
Draft
CCI-000216
Address information security issues in the development and documentation of a critical infrastructure and key resources protection plan.
Draft
PM-8
CCI-000217
Defines a time period after which inactive accounts are automatically disabled.
Draft
AC-2(3)
CCI-000218
The information system, when transferring information between different security domains, identifies information flows by data type specification and usage.
Draft
CCI-000219
When transferring information between different security domains, decompose information into organization-defined policy-relevant subcomponents for submission to policy enforcement mechanisms.
Draft
AC-4(13)
CCI-000220
The information system, when transferring information between different security domains, implements policy filters that constrain data structure and content to [Assignment: organization-defined information security policy requirements].
Deprecated
CCI-000221
The information system enforces security policies regarding information on interconnected systems.
Draft
CCI-000222
The information system uniquely identifies and authenticates source and destination domains for information transfer.
Deprecated
CCI-000223
The information system binds security attributes to information to facilitate information flow policy enforcement.
Draft
CCI-000224
The information system tracks problems associated with the security attribute binding.
Draft
CCI-000225
Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned organizational tasks.
Draft
AC-6
CCI-000226
The information system provides the capability for a privileged administrator to configure organization-defined security policy filters to support different security policies.
Draft
CCI-000227
Develop a comprehensive strategy to manage security risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems.
Draft
PM-9
CCI-000228
Implement the risk management strategy consistently across the organization.
Draft
PM-9
CCI-000229
The organization documents the security state of organizational information systems and the environments in which those systems operate through security authorization processes.
Draft
PM-10
CCI-000230
The organization tracks the security state of organizational information systems and the environments in which those systems operate through security authorization processes.
Draft
PM-10
CCI-000231
The organization reports the security state of organizational information systems and the environments in which those systems operate through security authorization processes.
Draft
PM-10
CCI-000232
Document and provide supporting rationale in the security plan for the system, user actions not requiring identification and authentication.
Draft
AC-14
CCI-000233
Designate individuals to fulfill specific roles and responsibilities within the organizational risk management process.
Draft
PM-10
CCI-000234
Integrate the authorization processes into an organization-wide risk management program.
Draft
PM-10
CCI-000235
Define organizational mission and business processes with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation.
Draft
PM-11
CCI-000236
Determine information protection needs arising from the defined mission and business processes.
Draft
PM-11
CCI-000237
The organization manages information system accounts by specifically authorizing and monitoring the use of guest/anonymous accounts and temporary accounts.
Draft
CCI-000238
Defines the frequency to review and update the current assessment, authorization, and monitoring policy.
Draft
CA-1
CCI-000239
Develop and document an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
Draft
CA-1
CCI-000240
Disseminates to organization-defined personnel or roles an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy.
Draft
CA-1
Prev
1...
4
5
6
7
8
9
10
11
12
...172
Next