manage.get.gov/docs/compliance/dist/system-security-plans/ato/ca-7.4.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116)
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

implementation-status: c-not-implemented
control-origination: c-inherited-cloud-gov, c-inherited-cisa, c-common-control, c-system-specific-control

ca-7.4 - [catalog] Risk Monitoring

Control Statement

Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:

  • [a] Effectiveness monitoring;

  • [b] Compliance monitoring; and

  • [c] Change monitoring.

Control guidance

Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.

Control assessment-objective

  • risk monitoring is an integral part of the continuous monitoring strategy;

  • effectiveness monitoring is included in risk monitoring;

  • compliance monitoring is included in risk monitoring;

  • change monitoring is included in risk monitoring.


What is the solution and how is it implemented?


Implementation (a)

Add control implementation description here for item ca-7.4_smt.a


Implementation (b)

Add control implementation description here for item ca-7.4_smt.b


Implementation (c)

Add control implementation description here for item ca-7.4_smt.c