Navigate

CCI-000281

CCI-000281 Definition

The organization defines the frequency with which to report the security status of the organization and the information system to organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Future DoD-wide CM guidance to be published

Validation Procedures

Future DoD-wide CM guidance to be published

Compelling Evidence

1.) SOP/TTP that defines the frequency to report security status of organization and the information system to organization-defined personnel or roles is defined.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000281.

Control	Description
CA-7	The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: CA-7a.: Establishment of [Assignment: organization-defined metrics] to be monitored; CA-7b.: Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; CA-7c.: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; CA-7d.: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; CA-7e.: Correlation and analysis of security-related information generated by assessments and monitoring; CA-7f.: Response actions to address results of the analysis of security-related information; and CA-7g.: Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].

Control

Description

CA-7

The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes:

CA-7a.: Establishment of [Assignment: organization-defined metrics] to be monitored;

CA-7b.: Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring;

CA-7c.: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;

CA-7d.: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;

CA-7e.: Correlation and analysis of security-related information generated by assessments and monitoring;

CA-7f.: Response actions to address results of the analysis of security-related information; and

CA-7g.: Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].