Скачать или смотреть NIST 800-53 Control Family: Assessment, Authorization, Monitoring - CA

Assessment, Authorization, and Monitoring (CA)

1️⃣ Introduction to the Control:
This control ensures that security controls are not only implemented but regularly evaluated and approved by management. Organizations in this domain conduct periodic security assessments (audits, tests) of their systems, then make risk-based decisions to authorize those systems to operate. Importantly, it includes continuous monitoring of the security posture - tracking changes, new vulnerabilities, or emerging threats on an ongoing basis. In other words: GRC, ya nerds!!!!! 🙌 🙌

2️⃣ Organizational Applications/Examples:
Security Assessments: Annual security reviews and penetration tests on critical systems. Assessors verify that controls (firewalls, access controls, encryption, etc.) are working as intended and identify any new weaknesses. Management then formally signs off that System __ is authorized to operate, given the risks are accepted or mitigated.

Continuous Monitoring: An organization might use an automated vulnerability scanner that runs weekly, a configuration monitoring tool that alerts if a server’s settings drift from the approved baseline, and intrusion detection systems watching network traffic.
This continuous oversight helps maintain an approved security posture between formal assessments.

#assessment #cybersecurity #nist80053 #grc #securityawareness