CA — Assessment, Authorization, and Monitoring
32 controls in the Assessment, Authorization, and Monitoring family
CA-1Policy And Procedures
LOW
MODERATE
HIGH
PRIVACY
CA-2Control Assessments
LOW
MODERATE
HIGH
PRIVACY
CA-2(1)Independent Assessors
MODERATE
HIGH
CA-2(2)Specialized Assessments
HIGH
CA-2(3)Leveraging Results From External Organizations
CA-3Information Exchange
LOW
MODERATE
HIGH
CA-3(1)Unclassified National Security System Connections
CA-3(2)Classified National Security System Connections
CA-3(3)Unclassified Non-National Security System Connections
CA-3(4)Connections To Public Networks
CA-3(5)Restrictions On External System Connections
CA-3(6)Transfer Authorizations
HIGH
CA-3(7)Transitive Information Exchanges
CA-4Security Certification
CA-5Plan Of Action And Milestones
LOW
MODERATE
HIGH
PRIVACY
CA-5(1)Automation Support For Accuracy And Currency
CA-6Authorization
LOW
MODERATE
HIGH
PRIVACY
CA-6(1)Joint Authorization -- Intra-Organization
CA-6(2)Joint Authorization -- Inter-Organization
CA-7Continuous Monitoring
LOW
MODERATE
HIGH
PRIVACY
CA-7(1)Independent Assessment
MODERATE
HIGH
CA-7(2)Types Of Assessments
CA-7(3)Trend Analyses
CA-7(4)Risk Monitoring
LOW
MODERATE
HIGH
PRIVACY
CA-7(5)Consistency Analysis
CA-7(6)Automation Support For Monitoring
CA-8Penetration Testing
HIGH
CA-8(1)Independent Penetration Testing Agent Or Team
HIGH
CA-8(2)Red Team Exercises
CA-8(3)Facility Penetration Testing
CA-9Internal System Connections
LOW
MODERATE
HIGH
CA-9(1)Compliance Checks