Assessment, Authorization, and Monitoring
NIST SP 800-53 Rev 5 Assessment, Authorization, and Monitoring controls.
Policy and Procedures
Develop, document, and disseminate to [parameter]:
Control Assessments
Select the appropriate assessor or assessment team for the type of assessment to be conducted;
Information Exchange
Approve and manage the exchange of information between the system and other systems using [parameter];
Security Certification
Plan of Action and Milestones
Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and
Authorization
Assign a senior official as the authorizing official for the system;
Continuous Monitoring
Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:
Penetration Testing
Conduct penetration testing [parameter] on [parameter].
Internal System Connections
Authorize internal connections of [parameter] to the system;