CA-7(4): Continuous Monitoring – Risk Monitoring

NIST Baseline: Low

The following risk monitoring items should be included in the continuous monitoring plan:
- Effectiveness monitoring to determine the ongoing effectiveness of the implemented risk response measures;
- Compliance monitoring to verify that required risk response measures are implemented; and
- Change monitoring to identify changes to organizational systems and environments of operation that may affect security.

None. See any applicable internal procedures.