compliance controls are associated with this Policy definition 'Employ independent assessors for continuous monitoring' (3baee3fd-30f5-882c-018c-cc78703a0106)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
CA-7(1) |
FedRAMP_High_R4_CA-7(1) |
FedRAMP High CA-7 (1) |
Security Assessment And Authorization |
Independent Assessment |
Shared |
n/a |
The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to monitor the security controls in the information system on an ongoing basis.
Supplemental Guidance: Organizations can maximize the value of assessments of security controls during the continuous monitoring process by requiring that such assessments be conducted by assessors or assessment teams with appropriate levels of independence based on continuous monitoring strategies. Assessor independence provides a degree of impartiality to the monitoring process. To achieve such impartiality, assessors should not: (i) create a mutual or conflicting interest with the organizations where the assessments are being conducted; (ii) assess their own work; (iii) act as management or employees of the organizations they are serving; or (iv) place themselves in advocacy positions for the organizations acquiring their services. |
link |
1 |
| FedRAMP_Moderate_R4 |
CA-7(1) |
FedRAMP_Moderate_R4_CA-7(1) |
FedRAMP Moderate CA-7 (1) |
Security Assessment And Authorization |
Independent Assessment |
Shared |
n/a |
The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to monitor the security controls in the information system on an ongoing basis.
Supplemental Guidance: Organizations can maximize the value of assessments of security controls during the continuous monitoring process by requiring that such assessments be conducted by assessors or assessment teams with appropriate levels of independence based on continuous monitoring strategies. Assessor independence provides a degree of impartiality to the monitoring process. To achieve such impartiality, assessors should not: (i) create a mutual or conflicting interest with the organizations where the assessments are being conducted; (ii) assess their own work; (iii) act as management or employees of the organizations they are serving; or (iv) place themselves in advocacy positions for the organizations acquiring their services. |
link |
1 |
| hipaa |
0604.06g2Organizational.2-06.g |
hipaa-0604.06g2Organizational.2-06.g |
0604.06g2Organizational.2-06.g |
06 Configuration Management |
0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance |
Shared |
n/a |
The organization has developed a continuous monitoring strategy and implemented a continuous monitoring program. |
|
7 |
| hipaa |
068.06g2Organizational.34-06.g |
hipaa-068.06g2Organizational.34-06.g |
068.06g2Organizational.34-06.g |
06 Configuration Management |
068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance |
Shared |
n/a |
The organization employs assessors or assessment teams with a level of independence appropriate to its continuous monitoring strategy to monitor the security controls in the information system on an ongoing basis. |
|
6 |
| NIST_SP_800-53_R4 |
CA-7(1) |
NIST_SP_800-53_R4_CA-7(1) |
NIST SP 800-53 Rev. 4 CA-7 (1) |
Security Assessment And Authorization |
Independent Assessment |
Shared |
n/a |
The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to monitor the security controls in the information system on an ongoing basis.
Supplemental Guidance: Organizations can maximize the value of assessments of security controls during the continuous monitoring process by requiring that such assessments be conducted by assessors or assessment teams with appropriate levels of independence based on continuous monitoring strategies. Assessor independence provides a degree of impartiality to the monitoring process. To achieve such impartiality, assessors should not: (i) create a mutual or conflicting interest with the organizations where the assessments are being conducted; (ii) assess their own work; (iii) act as management or employees of the organizations they are serving; or (iv) place themselves in advocacy positions for the organizations acquiring their services. |
link |
1 |
| NIST_SP_800-53_R5 |
CA-7(1) |
NIST_SP_800-53_R5_CA-7(1) |
NIST SP 800-53 Rev. 5 CA-7 (1) |
Assessment, Authorization, and Monitoring |
Independent Assessment |
Shared |
n/a |
Employ independent assessors or assessment teams to monitor the controls in the system on an ongoing basis. |
link |
1 |