SA-4(8) - Acquisition Process | Continuous Monitoring Plan for Controls

Require the developer of the system, system component, or system service to produce a plan for continuous monitoring of control effectiveness that is consistent with the continuous monitoring program of the organization.


Informational References

ISO 27001

ID: SA-4(8)
Enhancement of : SA-4

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes
The [organization] shall produce a plan for the continuous monitoring of security control effectiveness.{SA-4(8),CP-4(5),PM-31}

Related SPARTA Techniques and Sub-Techniques

ID Name Description