CT.DM-P9: Technical measures implemented to manage data processing are tested and assessed
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
CA-2: Control Assessments
Select the appropriate assessor or assessment team for the type of assessment to be conducted; Develop a control assessment plan that describes the scope of the assessment including: Controls and control enhancements under assessment; Assessment procedures to be used to determine control effectiveness; and Assessment environment, assessment team, and assessment roles and responsibilities; Ensure the…
CA-7: Continuous Monitoring
Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes: Establishing the following system-level metrics to be monitored: [Assignment: organization-defined system-level metrics]; Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; Ongoing control assessments in accordance with the continuous…
SI-6: Security and Privacy Function Verification
Verify the correct operation of [Assignment: organization-defined security and privacy functions]; Perform the verification of the functions specified in SI-6a [Assignment (one or more): [Assignment: organization-defined system transitional states], upon command by user with appropriate privilege, [Assignment: organization-defined frequency]]; Alert [Assignment: organization-defined personnel or roles] to failed security and privacy verification tests; and…
NIST Special Publication 800-53 Revision 4
CA-2: Security Assessments
The organization: Develops a security assessment plan that describes the scope of the assessment including: Security controls and control enhancements under assessment; Assessment procedures to be used to determine security control effectiveness; and Assessment environment, assessment team, and assessment roles and responsibilities; Assesses the security controls in the information system and its environment of operation…
CA-7: Continuous Monitoring
The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: Establishment of [Assignment: organization-defined metrics] to be monitored; Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; Ongoing security status monitoring…
SI-6: Security Function Verification
The information system: Verifies the correct operation of [Assignment: organization-defined security functions]; Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]]; Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and [Selection (one or more): shuts the information system down;…