Detections
Analytics
800-53|CA-7
Title
CONTINUOUS MONITORINGDescription
The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes:Supplemental
Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems.Reference Item Details
Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations
Related: CA-2,CA-5,CA-6,CM-3,CM-4,PM-6,PM-9,RA-5,SA-11,SA-12,SI-2,SI-4
Category: SECURITY ASSESSMENT AND AUTHORIZATION
Family: SECURITY ASSESSMENT AND AUTHORIZATION
Priority: P2
Baseline Impact: LOW,MODERATE,HIGH
Audit Items
View all Reference Audit Items