CA-7(3): Trend Analyses
Control Family:
Parent Control:
CSF v1.1 References:
Baselines:
(Not part of any baseline)
Next Version:
- NIST Special Publication 800-53 Revision 5:
- CA-7(3): Trend Analyses
Control Statement
The organization employs trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data.
Supplemental Guidance
Trend analyses can include, for example, examining recent threat information regarding the types of threat events that have occurred within the organization or across the federal government, success rates of certain types of cyber attacks, emerging vulnerabilities in information technologies, evolving social engineering techniques, results from multiple security control assessments, the effectiveness of configuration settings, and findings from Inspectors General or auditors.