03.12 Security Assessment and Monitoring (CA)

Home ‣System Security Plan R3 (SSP) ‣03 Control Families (CF) ‣03.12 Security Assessment and Monitoring (CA)

Introduction

NIST 800-171 Revision 3 provides guidance for protecting Controlled Unclassified Information (CUI). The family control "Security Assessment" focuses on periodically evaluating the effectiveness of security controls to determine if they are implemented correctly, operating as intended, and producing the desired outcome 1 in protecting CUI. This includes vulnerability scanning, penetration testing, and configuration checks.

Comment By wno***@q4q.com

Sunday 16th of February 2025

Phase 1 - A suggested method would be to include in your policy, a statement that mandates regular security assessments of our systems handling Controlled Unclassified Information (CUI). These assessments should include, at a minimum, vulnerability scanning to identify potential weaknesses, penetration testing to simulate real-world attacks and uncover exploitable vulnerabilities, and configuration checks to ensure our systems are configured securely and in accordance with established baselines. These activities should be conducted periodically, with the frequency determined by the risk level of the system and the sensitivity of the CUI it processes, to validate the effectiveness of our security controls and ensure they are protecting CUI as intended by NIST 800-171 Revision 3. The results of these assessments should be documented and used to inform continuous improvement efforts.

Allow Members to Add Personal Content (disabled)

What is XNETD?

XNETD is a developer of tools that assist in maintaining your network infrastructure. Every network to function properly it needs the right tools — we develop those tools.