CCI-002087

CCI-002087 Definition

The organization establishes and defines the metrics to be monitored for the continuous monitoring program.

Status
Type	CheckType.policy

Future DoD-wide CM guidance to be published

Future DoD-wide CM guidance to be published

1.) SOP/TTP defining the metrics to be monitored for the continuous monitoring program

The controls below (if any) were marked by NIST as being related to CCI-002087.

Control	Description
CA-7	The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: CA-7a.: Establishment of [Assignment: organization-defined metrics] to be monitored; CA-7b.: Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; CA-7c.: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; CA-7d.: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; CA-7e.: Correlation and analysis of security-related information generated by assessments and monitoring; CA-7f.: Response actions to address results of the analysis of security-related information; and CA-7g.: Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].

Control

Description

CA-7a.: Establishment of [Assignment: organization-defined metrics] to be monitored;

CA-7b.: Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring;

CA-7c.: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;

CA-7d.: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;

CA-7e.: Correlation and analysis of security-related information generated by assessments and monitoring;

CA-7f.: Response actions to address results of the analysis of security-related information; and

CA-7g.: Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].