CCI-002087

CCI-002087 Definition

Establish organization-defined system-level metrics to be monitored.

Status
Type	CheckType.policy

Future DoD-wide CM guidance to be published

Future DoD-wide CM guidance to be published

1.) SOP/TTP defining the metrics to be monitored for the continuous monitoring program

The controls below (if any) were marked by NIST as being related to CCI-002087.

Control	Description
CA-7	The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a: Establishment of [organization-defined metrics] to be monitored; b: Establishment of [organization-defined frequencies] for monitoring and [organization-defined frequencies] for assessments supporting such monitoring; c: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e: Correlation and analysis of security-related information generated by assessments and monitoring; f: Response actions to address results of the analysis of security-related information; and g: Reporting the security status of organization and the information system to [organization-defined personnel or roles] [organization-defined frequency].

Control

Description

b: Establishment of [organization-defined frequencies] for monitoring and [organization-defined frequencies] for assessments supporting such monitoring;

c: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;

d: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;

e: Correlation and analysis of security-related information generated by assessments and monitoring;

f: Response actions to address results of the analysis of security-related information; and

g: Reporting the security status of organization and the information system to [organization-defined personnel or roles] [organization-defined frequency].