// Level 3 · Controls
Security Assessment
Periodically assess security controls.
3.12.1Medium
Periodic Control Assessment
Periodically assess the security controls to determine if they are effective.
3.12.2Medium
Plan of Action
Develop and implement plans of action designed to correct deficiencies.
3.12.3High
Continuous Monitoring
Monitor security controls on an ongoing basis to ensure continued effectiveness.
3.12.4Medium
System Security Plan
Develop, document, and periodically update system security plans.