Assessment, Authorization, and Monitoring (CA)

[Withdrawn: Moved to SC-7(26).]



[Withdrawn: Moved to SC-7(27).]



[Withdrawn: Moved to SC-7(28).]



[Withdrawn: Moved to SC-7(5).]



Verify that individuals or systems transferring data between interconnecting systems have the requisite authorizations (i.e., write permissions or privileges) prior to accepting such data.



(a) Identify transitive (downstream) information exchanges with other systems through the systems identified in CA-3a; and
(b) Take measures to ensure that transitive (downstream) information exchanges cease when the controls on identified transitive (downstream) systems cannot be verified or validated.



[Withdrawn: Incorporated into CA-2.]



a. Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and
b. Update existing plan of action and milestones [Assignment: organization-defined frequency] based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.



Ensure the accuracy, currency, and availability of the plan of action and milestones for the system using [Assignment: organization-defined automated mechanisms].



Level N/A

a. Assign a senior official as the authorizing official for the system;
b. Assign a senior official as the authorizing official for common controls available for inheritance by organizational systems;
c. Ensure that the authorizing official for the system, before commencing operations:
   1. Accepts the use of common controls inherited by the system; and
   2. Authorizes the system to operate;
d. Ensure that the authorizing official for common controls authorizes the use of those controls for inheritance by organizational systems;
e. Update the authorizations [Assignment: organization-defined frequency].

