Operations and Maintenance Phase

In this phase, configuration management continues with monitoring for configuration changes and establishing a change control process.

Continuous Monitoring maintains a constant vigil on some of the most critical components of information security and feeds the results back to the appropriate process: incident handling, change control, patch management, and more.



Any changes to controls or process must be documented in these key areas (among others):

  • I/AM
  • SSP
  • RA
  • CM
  • Security Assessment Report (SAR)

Leave a Reply

You must be logged in to post a comment.