The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: CA-7a.
Establishment of Assignment: organization-defined metrics to be monitored; CA-7b.
Establishment of Assignment: organization-defined frequencies for monitoring and Assignment: organization-defined frequencies for assessments supporting such monitoring; CA-7c.
Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; CA-7d.
Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; CA-7e.
Correlation and analysis of security-related information generated by assessments and monitoring; CA-7f.
Response actions to address results of the analysis of security-related information; and CA-7g.
Reporting the security status of organization and the information system to Assignment: organization-defined personnel or roles Assignment: organization-defined frequency.