CA-7(4) - Continuous Monitoring | Risk Monitoring

Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following: (a) Effectiveness monitoring; (b) Compliance monitoring; and (c) Change monitoring.


Informational References

ISO 27001

ID: CA-7(4)
Enhancement of: CA-7

Countermeasures Covered by Control

ID Name Description D3FEND
CM0090 Continuous Monitoring Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes
The [organization] shall monitor, as part of the continuous monitoring strategy, the following: implementation of risk response measures; effectiveness of the risk response implementation; configuration changes that may impact security. {CA-7(4)}

Related SPARTA Techniques and Sub-Techniques

ID Name Description