CA-7(4)

  • Requirement

    Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:

    1. Effectiveness monitoring;
    2. Compliance monitoring; and
    3. Change monitoring.
  • Discussion

    Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.

More Info

  • Title

    Continuous Monitoring | Risk Monitoring
  • Family

    Assessment, Authorization, and Monitoring
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
    • Privacy
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance
