Skip to main content

πŸ’Ό PM-31 Continuous Monitoring Strategy

  • Contextual name: πŸ’Ό PM-31 Continuous Monitoring Strategy
  • ID: /frameworks/nist-sp-800-53-r5/pm/31
  • Located in: πŸ’Ό PM Program Management

Description​

Develop an organization-wide continuous monitoring strategy and implement continuous monitoring programs that include: a. Establishing the following organization-wide metrics to be monitored: [Assignment: organization-defined metrics]; b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; c. Ongoing monitoring of organizationally-defined metrics in accordance with the continuous monitoring strategy; d. Correlation and analysis of information generated by control assessments and monitoring; e. Response actions to address results of the analysis of control assessment and monitoring information; and f. Reporting the security and privacy status of organizational systems to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].

Similar​

  • Internal
    • ID: dec-c-40483580

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.OV-02: The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities24

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags