GV.MT-P3: Policies, processes, and procedures for assessing compliance with legal requirements and privacy policies are established and in place
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
CA-2: Control Assessments
Select the appropriate assessor or assessment team for the type of assessment to be conducted; Develop a control assessment plan that describes the scope of the assessment including: Controls and control enhancements under assessment; Assessment procedures to be used to determine control effectiveness; and Assessment environment, assessment team, and assessment roles and responsibilities; Ensure the…
CA-7: Continuous Monitoring
Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes: Establishing the following system-level metrics to be monitored: [Assignment: organization-defined system-level metrics]; Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; Ongoing control assessments in accordance with the continuous…
PM-14: Testing, Training, and Monitoring
Implement a process for ensuring that organizational plans for conducting security and privacy testing, training, and monitoring activities associated with organizational systems: Are developed and maintained; and Continue to be executed; and Review testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
PM-31: Continuous Monitoring Strategy
Develop an organization-wide continuous monitoring strategy and implement continuous monitoring programs that include: Establishing the following organization-wide metrics to be monitored: [Assignment: organization-defined metrics]; Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; Ongoing monitoring of organizationally-defined metrics in accordance with the continuous monitoring strategy; Correlation and analysis of…
NIST Special Publication 800-53 Revision 4
CA-2: Security Assessments
The organization: Develops a security assessment plan that describes the scope of the assessment including: Security controls and control enhancements under assessment; Assessment procedures to be used to determine security control effectiveness; and Assessment environment, assessment team, and assessment roles and responsibilities; Assesses the security controls in the information system and its environment of operation…
CA-7: Continuous Monitoring
The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: Establishment of [Assignment: organization-defined metrics] to be monitored; Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; Ongoing security status monitoring…
PM-14: Testing, Training, And Monitoring
The organization: Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems: Are developed and maintained; and Continue to be executed in a timely manner; Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk…