Risk Management Framework (RMF)

Policy and Procedures following the Risk Management Framework (RMF) for obtaining system authorizations.

View the Project on GitHub chaffin/RMF

CA-7 Continuous Monitoring

Rule Id | Frequency | Responsible
CA0700 | Annual | ISSM

EXAMINE:REVIEW: the DAAPM for changes to inherited controls, metrics and frequencies to monitor.

AUDIT:ANALYZE: continuous monitoring status; ensuring each security control metric is covered by a monitoring method.

AUDIT:ANALYZE: the information system to ensure that security-related information generated by assessments and monitoring is correlated and analyzed.

AUDIT:ANALYZE: response actions taken and security status reports made.

EXAMINE:REVIEW: security status for specific programs and information systems that have been reported to the ISSP/SCA, KMPs and appropriate Cyber Integration Team members; updating the risk assessment report when applicable.

ARTIFACTS
Updated POA&M, reports; RAR; Information System Continuous Monitoring (ISCM) Checklist as a self-assessment attestation commented with statuses.