CA — Assessment, Authorization, and Monitoring
20 controls in the Assessment, Authorization, and Monitoring family
CA-1Policy and Procedures
IL4 ModIL4 HighIL5IL6
CA-2Control Assessments
IL4 ModIL4 HighIL5IL6
CA-2(1)Control Assessments | Independent Assessors
IL4 ModIL4 HighIL5IL6
CA-2(2)Control Assessments | Specialized Assessments
IL4 HighIL5IL6
CA-2(3)Control Assessments | Leveraging Results from External Organizations
IL4 ModIL4 HighIL5IL6
CA-3Information Exchange
IL4 ModIL4 HighIL5IL6
CA-3(6)Information Exchange | Transfer Authorizations
IL4 HighIL5IL6
CA-5Plan of Action and Milestones
IL4 ModIL4 HighIL5IL6
CA-6Authorization
IL4 ModIL4 HighIL5IL6
CA-7Continuous Monitoring
IL4 ModIL4 HighIL5IL6
CA-7(1)Continuous Monitoring | Independent Assessment
IL4 ModIL4 HighIL5IL6
CA-7(3)Continuous Monitoring | Trend Analyses
IL5IL6
CA-7(4)Continuous Monitoring | Risk Monitoring
IL4 ModIL4 HighIL5IL6
CA-7(5)Continuous Monitoring | Consistency Analysis
IL5IL6
CA-7(6)Continuous Monitoring | Automation Support for Monitoring
IL5IL6
CA-8Penetration Testing
IL4 ModIL4 HighIL5IL6
CA-8(1)Penetration Testing | Independent Penetration Testing Agent or Team
IL4 ModIL4 HighIL5IL6
CA-8(2)Penetration Testing | Red Team Exercises
IL4 ModIL4 HighIL5IL6
CA-8(3)Penetration Testing | Facility Penetration Testing
IL5IL6
CA-9Internal System Connections
IL4 ModIL4 HighIL5IL6