An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.07.1-5f5778 - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.07.1-5f5778 - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
96/172
)
CCIs
Number
Definition
Status
Related
CCI-002881
The organization prevents the unauthorized removal of maintenance equipment containing organizational information by obtaining an exemption from organization-defined personnel or roles explicitly authorizing removal of the equipment from the facility.
Deprecated
MA-3(3)
CCI-002882
Defines the personnel or roles who can provide an exemption that explicitly authorizes removal of equipment from the facility.
Draft
MA-3(3)
CCI-002883
Restrict the use of maintenance tools to authorized personnel only.
Draft
MA-3(4)
CCI-002884
Log organization-defined audit events for nonlocal maintenance and diagnostic sessions.
Draft
MA-4(1)
CCI-002885
Defines the audit events for logged for nonlocal maintenance and diagnostic sessions.
Draft
MA-4(1)
CCI-002886
Review the audit records of the maintenance and diagnostic sessions to detect anomalous behavior.
Draft
MA-4(1)
CCI-002887
Defines the authenticators that are replay resistant which will be employed to protect nonlocal maintenance sessions.
Draft
MA-4(4)
CCI-002888
Defines the personnel or roles authorized to approve each nonlocal maintenance session.
Draft
MA-4(5)
CCI-002889
Notify organization-defined personnel or roles of the date and time of planned nonlocal maintenance.
Draft
MA-4(5)
CCI-002890
Implement organization-defined cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
Draft
MA-4(6)
CCI-002891
Verify session and network connection termination after the completion of nonlocal maintenance and diagnostic sessions.
Draft
MA-4(7)
CCI-002892
The organization develops and implements alternate security safeguards in the event an information system component cannot be sanitized, removed, or disconnected from the system.
Draft
MA-5(1)
CCI-002893
Ensure that non-escorted personnel performing maintenance activities not directly associated with the system but in the physical proximity of the system, have required access authorization.
Draft
MA-5(5)
CCI-002894
Verify that non-escorted personnel performing maintenance on the system possess the required access authorizations.
Draft
MA-5
CCI-002895
Designate organizational personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.
Draft
MA-5
CCI-002896
Defines the system components for which it obtains maintenance support and/or spare parts.
Draft
MA-6
CCI-002897
Defines a time period for obtaining maintenance support and/or spare parts for organization-defined system components after a failure.
Draft
MA-6
CCI-002898
Perform preventive maintenance on organization-defined information system components at organization-defined time intervals.
Draft
MA-6(1)
CCI-002899
Defines system components on which to perform preventive maintenance.
Draft
MA-6(1)
CCI-002900
Defines time intervals at which to perform preventive maintenance on organization-defined system components.
Draft
MA-6(1)
CCI-002901
Perform predictive maintenance on organization-defined system components at organization-defined intervals.
Draft
MA-6(2)
CCI-002902
Defines system components on which to perform predictive maintenance.
Draft
MA-6(2)
CCI-002903
Defines time intervals at which to perform predictive maintenance on organization-defined system components.
Draft
MA-6(2)
CCI-002904
Transfer predictive maintenance data to a maintenance management system using organization-defined automated mechanisms.
Draft
MA-6(3)
CCI-002905
The organization employs automated mechanisms to schedule, conduct, and document maintenance.
Draft
MA-2(2)
CCI-002906
Defines the vulnerability scanning activities in which the system implements privileged access authorization to organization-identified system components.
Draft
RA-5(5)
CCI-002907
Defines the system mode to be invoked, such as a full system shutdown, a partial system shutdown, or a degraded operational mode with limited mission or business functionality available, in the event of organization-defined audit logging failures.
Draft
AU-5(4)
CCI-002908
Defines the personnel or roles to whom an organization-level; mission/business process-level; and/or system-level physical and environmental protection policy is disseminated.
Draft
PE-1
CCI-002909
Defines the personnel or roles to whom the physical and environmental protection procedures are disseminated.
Draft
PE-1
CCI-002910
Approve a list of individuals with authorized access to the facility where the system resides.
Draft
PE-2
Prev
1...
92
93
94
95
96
97
98
99
100
...172
Next