CA-7(4): Risk Monitoring

PF v1.0 References:


  • Low
  • Moderate
  • High
  • Privacy
Info icon.

Control is new to this version of the control set.

Control Statement

Ensure risk monitoring is an integral part of the continuous monitoring strategy that includes the following:

  1. Effectiveness monitoring;
  2. Compliance monitoring; and
  3. Change monitoring.

Supplemental Guidance

Risk monitoring is informed by the established organizational risk tolerance. Effectiveness monitoring determines the ongoing effectiveness of the implemented risk response measures. Compliance monitoring verifies that required risk response measures are implemented. It also verifies that security and privacy requirements are satisfied. Change monitoring identifies changes to organizational systems and environments of operation that may affect security and privacy risk.