CMMC 2.0 • LEVEL 2 • SECURITY ASSESSMENT

CA.L2-3.12.3Continuous Monitoring

Continuous monitoring at the system level facilitates ongoing awareness of the system security posture to support risk management decisions. The terms continuous and ongoing imply that organizations assess and monitor their systems at a frequency that is sufficient to support risk-based decisions. Different types of security requirements may require different monitoring frequencies.

NIST 800-171 Mapping

NIST 800-53 Controls

CA-7

Assessment Objectives

  • a system-level continuous monitoring strategy is developed.
  • a system-level continuous monitoring strategy is implemented.
  • ongoing monitoring is included in the continuous monitoring strategy.
  • security assessments are included in the continuous monitoring strategy.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

CA.L2-3.12.1 Security Assessment CA.L2-3.12.2 Plan of Action and Milestones CA.L2-3.12.4 Develop, Document, and Periodically Update System Security Plans