PM-14: Testing, Training, and Monitoring
From NIST's SP800-53:
a. Implement a process for ensuring that organizational plans for conducting security and privacy testing, training, and monitoring activities associated with organizational systems:
   1. Are developed and maintained; and
   2. Continue to be executed; and

b. Review testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Control ID | Description |
---|---|
DE.DP-3 | Detection processes are tested |
DE.DP-5 | Detection processes are continuously improved |
DE.DP-2 | Detection activities comply with all applicable requirements |
PR.IP-10 | Response and recovery plans are tested |
DE.DP-1 | Roles and responsibilities for detection are well defined to ensure accountability |