CA.L2-3.12.3 Security Control Monitoring

Control Description

Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your continuous monitoring policy and program?
  • How do you determine which controls require ongoing monitoring?
  • Who is responsible for the continuous monitoring program?
  • What is your process for responding to control effectiveness issues identified through monitoring?
  • How often do you report on continuous monitoring results?

Technical Implementation:

  • What continuous monitoring tools track control effectiveness?
  • What automated monitoring technologies are deployed?
  • How do you technically verify controls remain effective over time?
  • What dashboards provide visibility into control status?
  • What alerts notify you of control failures or degradation?

Evidence & Documentation:

  • What system security plans (SSPs) document security controls?
  • What assessment reports demonstrate control testing?
  • What POA&M documents track remediation of deficiencies?
  • What continuous monitoring reports show ongoing control effectiveness?
  • What assessment procedures and test plans can you provide?
  • What evidence shows assessments are conducted by qualified personnel?
