PM-14: TESTING, TRAINING, AND MONITORING
PROGRAM MANAGEMENT & INDUSTRIAL CONTROL SYSTEMS
ICS Control Baselines:
- Program Management is baseline independent.
- a. Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
- Are developed and maintained; and
- Continue to be executed in a timely manner;
This control ensures that organizations provide oversight for the security testing, training, and monitoring activities conducted organization-wide and that those activities are coordinated. With the importance of continuous monitoring programs, the implementation of information security across the three tiers of the risk management hierarchy, and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing organizational assessments supporting a variety of security controls. Security training activities, while typically focused on individual information systems and specific roles, also necessitate coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.
ICS SUPPLEMENTAL GUIDANCE
No ICS Supplemental Guidance.
RELATED CONTROLS: PM-14
NO CONTROL ENHANCEMENTS
- NIST Special Publication 800-82
- NIST Special Publication 800-137
- NIST Special Publication 800-16
- NIST Special Publication 800-37
- NIST Special Publication 800-53A