| 8-21-1 Ensure Common, Hybrid, and System Specific Controls are securely functioning in Operations |
Phase D1 |
Phase D2 |
Phase D3 |
|
Ensure the security impact of proposed or actual changes to the information system and its environment of operation is determined.
|
NA
|
NA
|
Guide for Applying the Risk Management Framework to Federal Information Systems, NIST SP 800-37
|
| 8-21-2 Ensure the technical, management, and operational security controls employed within and inherited by the information system are in accordance with the organization-defined monitoring strategy |
Phase D1 |
Phase D2 |
Phase D3 |
|
Ensure the technical, management, and operational security controls employed within and inherited by the information system is assessed in accordance with the organization-defined monitoring strategy. Ensure the operational security plans are implemented and current.
|
AFMAN 63-119 A12.5
|
NA
|
Guide for Applying the Risk Management Framework to Federal Information Systems, NIST SP 800-37; AFMAN 63-119 or equivalent
|
| 8-21-3 Ensure remediation actions based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the plan of action and milestones are conducted |
Phase D1 |
Phase D2 |
Phase D3 |
|
Ensure remediation actions are conducted based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the plan of action and milestones.
|
NA
|
NA
|
Guide for Applying the Risk Management Framework to Federal Information Systems, NIST SP 800-37
|