CCI-003009
CCI-003009 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- testing plans are reviewed for consistency with the organizational risk management strategy.
- training plans are reviewed for consistency with the organizational risk management strategy.
- monitoring plans are reviewed for consistency with the organizational risk management strategy.
- testing plans are reviewed for consistency with organization-wide priorities for risk response actions.
- training plans are reviewed for consistency with organization-wide priorities for risk response actions.
- monitoring plans are reviewed for consistency with organization-wide priorities for risk response actions.
Validation Procedures
Examine: [SELECT FROM: Information security program plan; privacy program plan; plans for conducting security and privacy testing, training, and monitoring activities; organizational procedures addressing the development and maintenance of plans for conducting security and privacy testing, training, and monitoring activities; risk management strategy; procedures for the review of plans for conducting security and privacy testing, training, and monitoring activities for consistency with risk management strategy and risk response priorities; results of risk assessments associated with conducting security and privacy testing, training, and monitoring activities; documentation of the timely execution of plans for conducting security and privacy testing, training, and monitoring activities; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with responsibilities for developing and maintaining plans for conducting security and privacy testing, training, and monitoring activities; organizational personnel with information security and privacy responsibilities].
Test: [SELECT FROM: Organizational processes for the development and maintenance of plans for conducting security and privacy testing, training, and monitoring activities; mechanisms supporting the development and maintenance of plans for conducting security and privacy testing, training, and monitoring activities].