STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 7 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

CA-1

Assessment, Authorization, and MonitoringRev 5

Policy and Procedures

CCI Identifiers (21)

CCI-000238Defines the frequency to review and update the current assessment, authorization, and monitoring policy.CCI-000239Develop and document an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.CCI-000240Disseminates to organization-defined personnel or roles an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy.CCI-000241Review and update the current assessment, authorization, and monitoring policy on an organization-defined frequency.CCI-000242Develop and document procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls.CCI-000243Disseminate to organization-defined personnel or roles procedures to facilitate the implementation of the assessment, authorization, and monitoring policy and associated assessment, authorization, and monitoring controls.CCI-000244Review and update the current assessment, authorization, and monitoring procedures on an organization-defined frequency.CCI-001578Defines the frequency to review and update the current assessment, authorization, and monitoring procedures.CCI-002060The organization develops and documents a security assessment and authorization policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.deprecated CCI-002061Defines the personnel or roles to whom the organization-level; mission/business process; system-level assessment, authorization, and monitoring policy is to be disseminated.CCI-002062Defines the personnel or roles to whom the assessment, authorization, monitoring procedures are to be disseminated.CCI-003849Disseminate an organization-level; mission/business process; system-level assessment, authorization, and monitoring policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.CCI-003850Defines the personnel or roles to whom the assessment, authorization, and monitoring policy is to be disseminated.CCI-003851Designate an organization-defined official to manage the development and documentation of the assessment, authorization, and monitoring policy.CCI-003852Designate an organization-defined official to manage the development and documentation of the assessment, authorization, and monitoring procedures.CCI-003853Designate an organization-defined official to manage the dissemination of the assessment, authorization, and monitoring policy.CCI-003854Designate an organization-defined official to manage the dissemination of the assessment, authorization, and monitoring procedures.CCI-003855Review and update the current assessment, authorization, and monitoring policy following organization-defined events.CCI-003856Defines the events following reviewing and updating the current assessment, authorization, and monitoring policy.CCI-003857Review and update the current assessment and authorization procedures following organization-defined events.CCI-003858Defines the events following reviewing and updating the current assessment, authorization, and monitoring procedures.

Linked STIG Checks (0)

No STIG checks reference this control.