...
Defense Information Systems Agency (DISA) organizations are strictly regulated and must ensure their systems are securely configured and that the systems comply with the applicable security policies. According According to the Information Assurance Support Environment (IASE), who maintains the Control Correlation Identifier (CCI) list, and provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies. Security Reviewer suite provides references to those controls inside the Reports and the dashboard, Team Reviewer.
...