Navigate

CCI-000281

CCI-000281 Definition

Defines the frequency with which to report the security status to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - system-level continuous monitoring includes reporting the security status of the system to [CA-07_ODP[04]; personnel or roles to whom the security status of the system is reported are defined] [CA-07_ODP[05]; frequency at which the security status of the system is reported is defined]. - system-level continuous monitoring includes reporting the privacy status of the system to [CA-07_ODP[06]; personnel or roles to whom the privacy status of the system is reported are defined] [CA-07_ODP[07]; frequency at which the privacy status of the system is reported is defined].

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; organizational continuous monitoring strategy; system-level continuous monitoring strategy; procedures addressing continuous monitoring of system controls; procedures addressing configuration management; control assessment report; plan of action and milestones; system monitoring records; configuration management records; impact analyses; status reports; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with continuous monitoring responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms implementing continuous monitoring; mechanisms supporting response actions to address assessment and monitoring results; mechanisms supporting security and privacy status reporting].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000281.

Control	Description
CA-7	Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes: a: Establishing the following system-level metrics to be monitored: [system-level metrics to be monitored are defined;]; b: Establishing [frequencies at which to monitor control effectiveness are defined;] for monitoring and [frequencies at which to assess control effectiveness are defined;] for assessment of control effectiveness; c: Ongoing control assessments in accordance with the continuous monitoring strategy; d: Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy; e: Correlation and analysis of information generated by control assessments and monitoring; f: Response actions to address results of the analysis of control assessment and monitoring information; and g: Reporting the security and privacy status of the system to [one of ] [one of ].

Control

Description

CA-7

Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:

a: Establishing the following system-level metrics to be monitored: [system-level metrics to be monitored are defined;];

b: Establishing [frequencies at which to monitor control effectiveness are defined;] for monitoring and [frequencies at which to assess control effectiveness are defined;] for assessment of control effectiveness;

c: Ongoing control assessments in accordance with the continuous monitoring strategy;

d: Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;

e: Correlation and analysis of information generated by control assessments and monitoring;

f: Response actions to address results of the analysis of control assessment and monitoring information; and

g: Reporting the security and privacy status of the system to [one of ] [one of ].