OpenControls Logo

STIG Viewer

NIST 800-53 Rev 5

424 controls available

My Controls0NIST 800-53 Catalog424Collections0
PM-14privacy

Testing, Training, and Monitoring

Program Management

Control Statement

Implement a process for ensuring that organizational plans for conducting security and privacy testing, training, and monitoring activities associated with organizational systems: Are developed and maintained; and Continue to be executed; and Review testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Discussion

A process for organization-wide security and privacy testing, training, and monitoring helps ensure that organizations provide oversight for testing, training, and monitoring activities and that those activities are coordinated. With the growing importance of continuous monitoring programs, the implementation of information security and privacy across the three levels of the risk management hierarchy and the widespread use of common controls, organizations coordinate and consolidate the testing and monitoring activities that are routinely conducted as part of ongoing assessments supporting a variety of controls. Security and privacy training activities, while focused on individual systems and specific roles, require coordination across all organizational elements. Testing, training, and monitoring plans and activities are informed by current threat and vulnerability assessments.

Framework
NIST SP 800-53 Rev 5
Family
Program Management
Baselines
privacy

Related Frameworks

21 paths across 1 framework
CCI21 mappings
CCI-002998
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-002999
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003000
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003001
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003002
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003003
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003004
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003005
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003006
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003007
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003008
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003009
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004353
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004354
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004355
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004356
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004357
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004358
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004359
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004360
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004361
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

2 STIGs reach this control through 21 CCIs. Expand a row to see the responsible NICE and O*NET roles.

Web / Application Server

2 STIGs
Application Security and Development Security Technical Implementation Guide
62025-02-121 of 286 findings match
Application Security and Development Security Technical Implementation Guide
V6R42025-09-091 of 286 findings match