π CA β Assessment, Authorization, and Monitoring
Periodically assess, authorize, and monitor security controls
β Back to all domains4 Practices
L2 CA.L2-3.12.1
Periodically assess the security controls to determine if the controls are effective
This practice requires organizations to regularly check if their security measures are working as intended. Think of it like a car inspectionβyou donβ...
Level 2 β Advanced
View Control β
L2 CA.L2-3.12.2
Develop and implement plans of action designed to correct deficiencies and reduce vulnerabilities
This practice requires organizations to create and execute Plans of Action and Milestones (POA&Ms) to address identified security weaknesses and reduc...
Level 2 β Advanced
View Control β
L2 CA.L2-3.12.3
Monitor security controls on an ongoing basis
This practice requires organizations to continuously monitor their security controls to ensure they are functioning as intended and protecting sensiti...
Level 2 β Advanced
View Control β
L2 CA.L2-3.12.4
Develop, document, and periodically update system security plans
This practice requires organizations to create, maintain, and regularly update a System Security Plan (SSP). An SSP is a comprehensive document that o...
Level 2 β Advanced
View Control β