Skip Ribbon Commands Skip to main content

IASE content is currently preparing to migrate to the DoD Cyber Exchange.
Please see for updates to PKI/E content until the DoD Cyber Exchange goes live.

Control Correlation Identifier (CCI)

*PKI = DoD PKI Certificate Required

What is CCI?

The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.

How can I get involved?

We encourage participation from the members of the Information Security Community in the CCI efforts by providing feedback on the CCI list, Comments may also be provided using the CCI Comment Matrix.


 CCI Downloads

STIGs Related Links