|
CA-01
|
Policy and Procedures |
|
|
|
|
|
CA-02
|
Control Assessments |
|
|
|
|
|
CA-02(01)
|
Independent Assessors |
|
|
|
|
|
CA-02(02)
|
Specialized Assessments |
|
|
|
|
|
CA-02(03)
|
Leveraging Results from External Organizations |
|
|
|
|
|
CA-03
|
Information Exchange |
|
|
|
|
|
CA-03(01)
|
Unclassified National Security System Connections |
Moved to
SC-7.25.
|
|
CA-03(02)
|
Classified National Security System Connections |
Moved to
SC-7.26.
|
|
CA-03(03)
|
Unclassified Non-national Security System Connections |
Moved to
SC-7.27.
|
|
CA-03(04)
|
Connections to Public Networks |
Moved to
SC-7.28.
|
|
CA-03(05)
|
Restrictions on External System Connections |
Moved to
SC-7.5.
|
|
CA-03(06)
|
Transfer Authorizations |
|
|
|
|
|
CA-03(07)
|
Transitive Information Exchanges |
|
|
|
|
|
CA-04
|
Security Certification |
Incorporated into
CA-2.
|
|
CA-05
|
Plan of Action and Milestones |
|
|
|
|
|
CA-05(01)
|
Automation Support for Accuracy and Currency |
|
|
|
|
|
CA-06
|
Authorization |
|
|
|
|
|
CA-06(01)
|
Joint Authorization — Intra-organization |
|
|
|
|
|
CA-06(02)
|
Joint Authorization — Inter-organization |
|
|
|
|
|
CA-07
|
Continuous Monitoring |
|
|
|
|
|
CA-07(01)
|
Independent Assessment |
|
|
|
|
|
CA-07(02)
|
Types of Assessments |
Incorporated into
CA-2.
|
|
CA-07(03)
|
Trend Analyses |
|
|
|
|
|
CA-07(04)
|
Risk Monitoring |
|
|
|
|
|
CA-07(05)
|
Consistency Analysis |
|
|
|
|
|
CA-07(06)
|
Automation Support for Monitoring |
|
|
|
|
|
CA-08
|
Penetration Testing |
|
|
|
|
|
CA-08(01)
|
Independent Penetration Testing Agent or Team |
|
|
|
|
|
CA-08(02)
|
Red Team Exercises |
|
|
|
|
|
CA-08(03)
|
Facility Penetration Testing |
|
|
|
|
|
CA-09
|
Internal System Connections |
|
|
|
|
|
CA-09(01)
|
Compliance Checks |
|
|
|
|