The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

CCI Downloads

  Title Size Updated
CCI List CCI List
414.68 KB 2024 01 17
CCI List Readme CCI List Readme
596 B 2022 03 30
CCI Specification CCI Specification
112.14 KB 2014 05 01
CCI Process CCI Process
37.09 KB 2011 02 28