CCI-003884

Implementation Guidance

Determine if: - [CA-07(05)_ODP[01]; actions to validate that policies are established are defined] are employed to validate that policies are established. - [CA-07(05)_ODP[02]; actions to validate that implemented controls are operating in a consistent manner are defined] are employed to validate that implemented controls are operating in a consistent manner.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; organizational continuous monitoring strategy; system-level continuous monitoring strategy; procedures addressing continuous monitoring of system security controls; assessment report; plan of action and milestones; system monitoring records; security impact analyses; status reports; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with continuous monitoring responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms supporting consistency analyses].