Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
| ID | Name | Description | |
| ID | Description |
| Requirement | Rationale/Additional Guidance/Notes |
|---|---|
| The [organization] updates the inventory of spacecraft components as an integral part of component installations, removals, and spacecraft updates.{CM-8(1),CA-7,CM-2,CM-3} | |
| The [organization] shall establish and maintain processes to manage and oversee independent assessors, including their qualifications, roles, and responsibilities.{CA-2(1),CA-7(1)} | Independent assessors shall be individuals or entities external to the operational chain of command and not involved in the development, implementation, or operations of the system under assessment. |
| The [organization] shall implement, as part of an A&A process, a Continuous Monitoring Program (CMP) that evaluates the effectiveness of security control implementations on a recurring pre-defined basis.{CA-7,PM-31} | |
| The [organization] shall employ independent assessors or assessment teams to monitor the effectiveness of security controls in the system on an ongoing basis.{CA-7(1)} | |
| The [organization] shall modify control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process based on trend analysis of empirical data.{CA-7(3)} | |
| The [organization] shall monitor, as part of the continuous monitoring strategy, the following: implementation of risk response measures; effectiveness of the risk response implementation; configuration changes that may impact security{CA-7(4)} | |
| The [organization] shall implement automated mechanisms to assist in the execution and implementation of the Continuous Monitoring Program (CMP).{CA-7(6)} | |
| The [organization] shall ensure that the allocated security safeguards operate in a coordinated and mutually reinforcing manner.{SV-MA-6}{CA-7(5),PL-7,PL-8(1),SA-8(19)} |