PM-31: Continuous Monitoring Strategy

Statement

• Develop an organization-wide continuous monitoring strategy and implement continuous monitoring programs that include:

  • a.

    Establishing the following organization-wide metrics to be monitored: metrics ;

  • b.

    Establishing monitoring frequencies and assessment frequencies for control effectiveness;

  • c.

    Ongoing monitoring of organizationally-defined metrics in accordance with the continuous monitoring strategy;

  • d.

    Correlation and analysis of information generated by control assessments and monitoring;

  • e.

    Response actions to address results of the analysis of control assessment and monitoring information; and

  • f.

    Reporting the security and privacy status of organizational systems to organization-defined personnel or roles organization-defined frequency .