💼 CA-7 CONTINUOUS MONITORING

• ID: /frameworks/nist-sp-800-53-r4/ca/07

Description

The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: CA-7a. Establishment of [Assignment: organization-defined metrics] to be monitored; CA-7b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; CA-7c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; CA-7d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; CA-7e. Correlation and analysis of security-related information generated by assessments and monitoring; CA-7f. Response actions to address results of the analysis of security-related information; and CA-7g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].

Similar

• Internal
  • ID: dec-c-a326185e

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 DE.AE-2: Detected events are analyzed to understand attack targets and methods		18	24		no data
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors		18	38		no data
💼 NIST CSF v1.1 → 💼 DE.CM-1: The network is monitored to detect potential cybersecurity events		18	63		no data
💼 NIST CSF v1.1 → 💼 DE.CM-2: The physical environment is monitored to detect potential cybersecurity events					no data
💼 NIST CSF v1.1 → 💼 DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events		20	26		no data
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events		6	7		no data
💼 NIST CSF v1.1 → 💼 DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed		18	24		no data
💼 NIST CSF v1.1 → 💼 DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability					no data
💼 NIST CSF v1.1 → 💼 DE.DP-2: Detection activities comply with all applicable requirements		6	7		no data
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested		13	14		no data
💼 NIST CSF v1.1 → 💼 DE.DP-4: Event detection information is communicated		29	33		no data
💼 NIST CSF v1.1 → 💼 DE.DP-5: Detection processes are continuously improved		13	16		no data
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented		13	16		no data
💼 NIST CSF v1.1 → 💼 PR.IP-7: Protection processes are improved			2		no data
💼 NIST CSF v1.1 → 💼 PR.IP-8: Effectiveness of protection technologies is shared		6	7		no data
💼 NIST CSF v1.1 → 💼 RS.AN-1: Notifications from detection systems are investigated		18	24		no data
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans		16	18		no data
💼 NIST CSF v1.1 → 💼 RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks		7	7		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CA-7 (1) INDEPENDENT ASSESSMENT					no data
💼 CA-7 (2) TYPES OF ASSESSMENTS					no data
💼 CA-7 (3) TREND ANALYSES					no data