N
|
controlCA-7

Continuous Monitoring (CA-7)

Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:

Security Baselines

LOWMODERATEHIGH
assessmentauthorizationmonitoring

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports63

These related controls work together — a change to one may affect the others.

Mitigates19

This control helps defend against or reduce the risk of the linked threat technique.

Enhances6

These enhancements add specific capabilities or refinements to the base control.

Related Controls(55)

AU-6Audit Record Review, Analysis, and Reporting (AU-6)
LMH
CA-2Control Assessments (CA-2)
LMH
CA-5Plan of Action and Milestones (CA-5)
LMH
CA-6Authorization (CA-6)
LMH
AC-2Account Management (AC-2)
LMH
AC-6Least Privilege (AC-6)
MH
AC-17Remote Access (AC-17)
LMH
AT-4Training Records (AT-4)
LMH
AU-13Monitoring for Information Disclosure (AU-13)CM-3Configuration Change Control (CM-3)
MH
CM-4Impact Analyses (CM-4)
LMH
CM-6Configuration Settings (CM-6)
LMH
CM-11User-installed Software (CM-11)
LMH
IA-5Authenticator Management (IA-5)
LMH
IR-5Incident Monitoring (IR-5)
LMH
MA-2Controlled Maintenance (MA-2)
LMH
MA-3Maintenance Tools (MA-3)
MH
MA-4Nonlocal Maintenance (MA-4)
LMH
PE-3Physical Access Control (PE-3)
LMH
PE-6Monitoring Physical Access (PE-6)
LMH
PE-14Environmental Controls (PE-14)
LMH
PE-16Delivery and Removal (PE-16)
LMH
PE-20Asset Monitoring and Tracking (PE-20)PL-2System Security and Privacy Plans (PL-2)
LMH
PM-4Plan of Action and Milestones Process (PM-4)PM-6Measures of Performance (PM-6)PM-9Risk Management Strategy (PM-9)PM-10Authorization Process (PM-10)PM-12Insider Threat Program (PM-12)PM-14Testing, Training, and Monitoring (PM-14)PM-23Data Governance Body (PM-23)PM-28Risk Framing (PM-28)PM-31Continuous Monitoring Strategy (PM-31)PS-7External Personnel Security (PS-7)
LMH
PT-7Specific Categories of Personally Identifiable Information (PT-7)RA-3Risk Assessment (RA-3)
LMH
RA-5Vulnerability Monitoring and Scanning (RA-5)
LMH
RA-7Risk Response (RA-7)
LMH
RA-10Threat Hunting (RA-10)SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SA-9External System Services (SA-9)
LMH
SA-11Developer Testing and Evaluation (SA-11)
MH
SC-5Denial-of-service Protection (SC-5)
LMH
SC-7Boundary Protection (SC-7)
LMH
SC-18Mobile Code (SC-18)
MH
SC-38Operations Security (SC-38)SC-43Usage Restrictions (SC-43)SI-3Malicious Code Protection (SI-3)
LMH
SI-4System Monitoring (SI-4)
LMH
SI-12Information Management and Retention (SI-12)
LMH
SR-6Supplier Assessments and Reviews (SR-6)
MH
PM-32Purposing (PM-32)SA-24Design For Cyber Resiliency (SA-24)SC-28Protection of Information at Rest (SC-28)
MH
SI-6Security and Privacy Function Verification (SI-6)
H

Threat Coverage(19 ATT&CK techniques)

T1566PhishingT1190Exploit Public-Facing ApplicationT1204User ExecutionT1562Impair DefensesT1036MasqueradingT1046Network Service DiscoveryT1018Remote System DiscoveryT1570Lateral Tool TransferT1071Application Layer ProtocolT1573Encrypted ChannelT1105Ingress Tool TransferT1041Exfiltration Over C2 ChannelT1567Exfiltration Over Web ServiceT1048Exfiltration Over Alternative ProtocolT1499Endpoint Denial of ServiceT1498Network Denial of ServiceT1598Phishing for InformationT1583Acquire InfrastructureT1588Obtain Capabilities

Control Enhancements(6)

CA-7(1)Independent Assessment (CA-7(1))
MH
CA-7(2)Types of Assessments (CA-7(2))W
CA-7(3)Trend Analyses (CA-7(3))
CA-7(4)Risk Monitoring (CA-7(4))
LMH
CA-7(5)Consistency Analysis (CA-7(5))
CA-7(6)Automation Support for Monitoring (CA-7(6))

See Also

@SP 800-53 OverviewCompare Baselines