Security Assessment and Authorization (CA)

Security Assessment and Authorization (CA)

1. CA-1 – Security Assessment and Authorization Policies & Procedures

Program Frequency:



1. 
   Assesses the security controls in the information system and its environment of operation at least annually, or as stipulated in the organization's continuous monitoring program to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements
   

2. 
   Produces a security assessment report that documents the results of the assessment
   

3. 
   Provides the results of the security control assessment to the ISSP/SCA and the AO/AO REPRESENTATIVE
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-2(1) – Security Assessments: Independent Assessors

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

2. CA-3 – Information System Connections

Program Frequency:



1. 
   Documents, for each interconnection, the interface characteristics, security requirements, and the nature of the information communicated
   

2. 
   Reviews and updates Interconnection Security Agreements annually.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-3(2) – Information System Connections: Classified National Security System Connections

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-3(5) – Information System Connections: Restrictions on External Network Connections

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

3. CA-5 – Plan of Action & Milestones

Program Frequency:



1. 
   Updates existing plan of action and milestones at least quarterly based on the findings from security controls assessments, security impact analyses, and continuous monitoring activities.
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

4. CA-7 – Continuous Monitoring

Program Frequency:



1. 
   Establishment of monitoring frequency for each security control.
   

2. 
   Ongoing security control assessments in accordance with the organizational continuous monitoring strategy.
   

3. 
   Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy.
   

4. 
   Correlation and analysis of security-related information generated by assessments and monitoring
   

5. 
   Response actions to address results of the analysis of security-related information
   

6. 
   Reporting the security status of the organization and the information system to appropriate organizational officials at least annually, or whenever there is a significant change to the system or the environment in which the system operates
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

CA-7(1) – Continuous Monitoring: Independent Assessment

Program Frequency:



CONTINUOUS MONITORING STRATEGY

Click here to enter text.

5. CA-9 – Internal System Connections

Program Frequency:



1. 
   Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated
   

CONTINUOUS MONITORING STRATEGY

Click here to enter text.

6. 
   
   Directory: documents
   documents -> Concept stage
   documents -> Concept stage
   documents -> The great global switch-off
   documents -> Nonprofit grant application
   documents -> The Truth about the Rwandan Genocide
   documents -> Annual InStructional unit plan
   documents -> Chaos equipment included
   
   
   
   Download 0.65 Mb.
   
   Share with your friends: