CMMC Practice CA.L2-3.12.3 – Security Control Monitoring: Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Links to Publicly Available Resources
CMMC CLARIFICATION (Ref CMMC – Appendix B)
You should provide a plan for monitoring and assessing the state of security controls on a recurring basis that occurs more frequently than the periodic assessments discussed in CA.2.158. This process provides a mechanism to assess the overall security posture of your organization. As a result the process not only maintains awareness of vulnerabilities and threats, but also informs management of the effectiveness of the security controls in determining if security controls are current and for management to make an acceptable risk decision.