CA-7: Continuous Monitoring

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  07/20/2023 

Review Date:  06/26/2024 

The Tarleton Chief Information Security Officer (CISO) or their designee must develop and implement a Continuous Monitoring Plan that includes:  

1. A list of the information resource metrics to be monitored;  

2. A methodology for monitoring and assessing the effectiveness of security controls;  

3. Ongoing security status monitoring of defined metrics;  

4. Correlation and analysis of security related information generated by assessments and monitoring;  

5. Response actions to address results of the analysis of control assessment and monitoring information; and  

6. Reporting the information security status of Tarleton to the Tarleton Chief Information Officer (CIO) and applicable executive leadership as needed. 

---

References/Additional Resources 

1 TAC § 202.27 (c)(1)(B)  

1 TAC § 202.77 (c)(1)(B)