Navigate

CCI-003882

CCI-003882 Definition

Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes compliance monitoring.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if compliance monitoring is included in risk monitoring,

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; organizational continuous monitoring strategy; system-level continuous monitoring strategy; procedures addressing continuous monitoring of system controls; assessment report; plan of action and milestones; system monitoring records; impact analyses; status reports; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with continuous monitoring responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms supporting risk monitoring].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003882.

Control	Description
CA-7(4)	Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following: (a): Effectiveness monitoring; (b): Compliance monitoring; and (c): Change monitoring.