Employ trend analyses to determine if control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process need to be modified based on empirical data.
ID | Name | Description | D3FEND | |
CM0090 | Continuous Monitoring | Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. |
ID | Description |
Requirement | Rationale/Additional Guidance/Notes |
---|---|
The [organization] shall modify control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process based on trend analysis of empirical data.{CA-7(3)} |
ID | Name | Description |
---|