An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
9/172
)
CCIs
Number
Definition
Status
Related
CCI-000241
Review and update the current assessment, authorization, and monitoring policy on an organization-defined frequency.
Draft
CA-1
CCI-000242
Develop and document procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls.
Draft
CA-1
CCI-000243
Disseminate to organization-defined personnel or roles procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls.
Draft
CA-1
CCI-000244
Review and update the current assessment, authorization, and monitoring procedures on an organization-defined frequency.
Draft
CA-1
CCI-000245
The organization develops a security assessment plan for the information system and its environment of operation.
Draft
CA-2
CCI-000246
Develop a control assessment plan that describes the scope of the assessment including controls and control enhancements under assessment.
Draft
CA-2
CCI-000247
Develop a control assessment plan that describes the scope of the assessment including assessment procedures to be used to determine control effectiveness.
Draft
CA-2
CCI-000248
Develop a control assessment plan that describes the scope of the assessment including assessment environment.
Draft
CA-2
CCI-000249
The organizations security assessment plan describes the assessment team.
Draft
CCI-000250
The organization's security assessment plan describes assessment roles and responsibilities.
Draft
CCI-000251
Assess the controls in the systems and its environment of operation on an organization-defined frequency, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements.
Draft
CA-2
CCI-000252
Defines the frequency on which the security controls in the system and its environment of operation are assessed.
Draft
CA-2
CCI-000253
Produce a control assessment report that document the results of the assessment.
Draft
CA-2
CCI-000254
Provide the results of the control assessment to organization-defined individuals or roles.
Draft
CA-2
CCI-000255
Employ independent assessors or assessment teams to conduct control assessments.
Draft
CA-2(1)
CCI-000256
Include as part of the control assessments, announced or unannounced, on an organization-defined frequency, in-depth monitoring; security instrumentation; automated security test cases; vulnerability scanning; malicious user testing; insider threat assessment; performance and load testing; data leakage or data loss assessment; and/or organization-defined other forms of assessment.
Draft
CA-2(2)
CCI-000257
The organization authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements.
Draft
CA-3
CCI-000258
Document, as part of each exchange agreement, the interface characteristics.
Draft
CA-3
CCI-000259
Document, as part of each exchange agreement, the security requirements, controls and responsibilities for each system, and the impact level of the information communicated.
Draft
CA-3
CCI-000260
The organization documents, for each interconnection, the nature of the information communicated.
Draft
CA-3
CCI-000261
The organization monitors the information system connections on an ongoing basis to verify enforcement of security requirements.
Draft
CCI-000262
The organization prohibits the direct connection of an organization-defined unclassified, national security system to an external network without the use of an organization-defined boundary protection device.
Draft
CA-3(1)
CCI-000263
The organization prohibits the direct connection of a classified, national security system to an external network without the use of organization-defined boundary protection device.
Draft
CA-3(2)
CCI-000264
Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system.
Draft
CA-5
CCI-000265
Defines the frequency with which to update the existing plan of action and milestones for the system.
Draft
CA-5
CCI-000266
Update, on an organization-defined frequency, the existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.
Draft
CA-5
CCI-000267
Ensure the accuracy of the plan of action and milestones for the system using organization-defined automated mechanisms.
Draft
CA-5(1)
CCI-000268
Ensure the currency of the plan of action and milestones for the system using organization-defined automated mechanisms.
Draft
CA-5(1)
CCI-000269
Ensure the availability of the plan of action and milestones for the system using organization-defined automated mechanisms.
Draft
CA-5(1)
CCI-000270
Assign a senior official as the authorizing official for the system.
Draft
CA-6
Prev
1...
5
6
7
8
9
10
11
12
13
...172
Next