Refers to standardized control identifiers used in managing and tracking security controls.  The CCI contains the 2 letter acronym associated with the control, as well as primary and sub-control number for the primary control and sub-control:

AC-01-00-00 = Access Control Family (AC–01), 

Primary Control (00) subcontrol (00)

AC-02-01-01 = Access Control Family (AC-02), Primary Control (01) – subcontrol (01)

This approach allows for higher level of fidelity in control responses and requirements definition as one control in the NIST Framework can have multiple sub-requirements and might be missed if not broken apart.

(Insert Image)

CCI Responses refer to the actions or measures taken in response to identified Control Correlation Identifiers. (CCI Responses)

These responses aim to address and mitigate security control issues. CCI responses involve implementing specific security measures or changes to ensure compliance with established controls.

 

Applicability: Applicable in control identification, management, and tracking.

URL: Control Identification Overview

 

Detailed Definition (Expand to Long Content using layman’s terms and use imagery): Control Correlation Identifiers are unique identifiers assigned to specific security controls. They serve as a way to standardize and identify controls across different systems and platforms.
CCIs help in breaking down security controls into manageable and identifiable units. They provide a standardized language for discussing and implementing security measures.

Applicability: CCIs are applicable in the context of information security, particularly in standardizing and managing security controls.

URL: NIST Glossary – Control Correlation Identifier (CCI)

 

Title: The CCI (Control Correlation Identifier) process involves submitting information related to controls, findings, and security configurations to be linked to the CCI registry. (CCI Process)

Detailed Definition (Expand to Long Content using layman’s terms and use imagery): The CCI (Control Correlation Identifier) process involves submitting information related to controls, findings, and security configurations to be linked to the CCI registry.

Applicability: 

  • A vendor-state development process linking products to CCIs.
  • Enhances the traceability of security controls and findings.
  • Aids in secure deployment of technology.

URL: Control Correlation Identifier (CCI)