
PM-14 TESTING, TRAINING, AND MONITORING


Overview

Number: PM-14
Title: Testing, Training, And Monitoring
Impact:
Priority:
Subject Area: Program Management

Instructions
The organization:
PM-14a. Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
       PM-14a.1. Are developed and maintained; and
       PM-14a.2. Continue to be executed in a timely manner;
PM-14b. Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
Guidance
This control ensures that organizations provide oversight for the security testing, training, and monitoring activities conducted organization-wide and that those activities are coordinated. With the importance of continuous monitoring programs, the implementation of information security across the three tiers of the risk management hierarchy, and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.

Enhancements