Scribd Logo
Upload

Welcome to Scribd!

  • Control Correlation Identifier (CCI) Process: Draft

    Uploaded by

    Kumar J
    6 views4 pages
    The document describes the process for managing Control Correlation Identifiers (CCIs). It states that the Defense Information Systems Agency (DISA) currently manages CCIs and is working to establish a CCI Consensus Group to provide input. It outlines the current and planned processes for moderating the CCI specification, managing proposed changes to the CCI List, and tracking the status of CCIs as they progress from draft to published or deprecated.

    Original Description:

    Original Title

    u_cci_process_v1r0.1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes the process for managing Control Correlation Identifiers (CCIs). It states that the Defense Information Systems Agency (DISA) currently manages CCIs and is working to establish a CCI Consensus Group to provide input. It outlines the current and planned processes for moderating the CCI specification, managing proposed changes to the CCI List, and tracking the status of CCIs as they progress from draft to published or deprecated.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    6 views4 pages

    Control Correlation Identifier (CCI) Process: Draft

    Uploaded by

    Kumar J
    The document describes the process for managing Control Correlation Identifiers (CCIs). It states that the Defense Information Systems Agency (DISA) currently manages CCIs and is working to establish a CCI Consensus Group to provide input. It outlines the current and planned processes for moderating the CCI specification, managing proposed changes to the CCI List, and tracking the status of CCIs as they progress from draft to published or deprecated.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 4

    DRAFT

    CONTROL CORRELATION IDENTIFIER


    (CCI)
    PROCESS

    VERSION 1 RELEASE 0.1

    28 February 2011

    DEVELOPED BY

    Defense Information Systems Agency


    Field Security Operations

    UNCLASSIFIED
    DRAFT CCI Process Version 1 Release 0.1 DISA Field Security Operations
    28 February 2011 Developed by DISA for the DoD

    Table of Contents

    1  INTRODUCTION .............................................................................................................................................. 3 
    2  MODERATION OF THE SPECIFICATION ................................................................................................. 3 
    2.1  CURRENT MANAGEMENT OF CCI ................................................................................................................ 3 
    2.2  FUTURE MANAGEMENT OF CCI .................................................................................................................. 3 
    3  CCI LIST MANAGEMENT ............................................................................................................................. 3 
    3.1  CURRENT PROCESS ..................................................................................................................................... 3 
    3.2  FUTURE PROCESS ........................................................................................................................................ 4 
    3.3  CCI STATUS FIELD ...................................................................................................................................... 4 

    2 UNCLASSIFIED
    DRAFT CCI Process Version 1 Release 0.1 DISA Field Security Operations
    28 February 2011 Developed by DISA for the DoD

    1 Introduction
    This document describes the moderation of the CCI specification and management of the CCI
    list.

    2 Moderation of the Specification


    The Defense Information Systems Agency (DISA) Field Security Operations (FSO) created the
    CCI specification and is currently responsible for the maintenance of the CCI specification and
    CCI List.

    2.1 Current Management of CCI


    Currently, the CCI specification is in its initial stages and an official CCI Consensus Group has
    not been established. DISA FSO is leading the effort to move CCI forward by establishing a
    CCI Consensus Group that would encourage participation from the government, commercial tool
    vendors, users of tools, security policy authors and maintainers, and academia. The Group will
    be focused on gathering input from all participants in an effort to ensure that CCI is beneficial to
    all consumers.
    To ensure all participants have an opportunity to express their feedback on open issues,
    mechanisms such as electronic mail (e-mail) lists, conference calls, and if necessary, face-to-face
    meetings will be used in an effort to arrive at a consensus.

    2.2 Future Management of CCI


    As the CCI specification matures, DISA FSO will consider alternative options for the
    management and moderation of the specification.

    3 CCI List Management


    The CCI List will contain the collection of CCIs that have been established for various source
    policy documents, which could include the NIST SP 800-53 v3, DoDI 8500.2, and other IA best
    practice documents. This list will be a source of the actionable items that vendors, system
    administrators, and security checklist authors will be able to utilize in the work they perform.
    The list will be dynamic in nature, allowing additions, updates, and deletions based on consensus
    direction. The goal is to maintain the accuracy and timeliness of the entries in the list in an effort
    to ensure consumers can trust the content that they use.

    3.1 Current Process


    DISA FSO has established the initial draft CCI List based on NIST SP 800-53 v3. This draft
    CCI List is now available for review and comment.
    Proposed additions and updates to the CCI List can be submitted to DISA FSO at the
    cci@disa.mil e-mail address. Proposed changes to the CCI List will be tracked through
    completion using a comments matrix. An updated matrix will be distributed periodically in an

    UNCLASSIFIED 3
    DRAFT CCI Process Version 1 Release 0.1 DISA Field Security Operations
    28 February 2011 Developed by DISA for the DoD

    effort to update the community on the current status of outstanding issues. Updated CCI Lists
    will be published periodically to incorporate accepted changes.
    Note: Although DISA FSO creates and distributes initial CCI List content, DISA FSO will work
    with source policy owners and authoritative sources to validate CCI item and reference
    mappings. When CCI reference mappings are validated, the appropriate fields in the CCI List
    will be updated to reflect the validation.

    3.2 Future Process


    As the CCI process and specification matures, DISA FSO will consider alternative options for
    the management and moderation of the CCI List.

    3.3 CCI Status Field


    The CCI status field will be used to track the current state of a CCI through its lifecycle. New
    CCIs will be assigned “draft” status until their initial publication. Published CCIs will be
    marked with status “published.” If a CCI is deemed to be unnecessary following its publication,
    its status will be changed to “deprecated.”
    Note: The initial draft of the CCI List will be published with “draft” status.

    4 UNCLASSIFIED

    You might also like