CA - Assessment, Authorization, and Monitoring

The CA family defines processes for assessing security controls, obtaining authorizations to operate, and continuously monitoring information systems to ensure ongoing risk management. It includes controls for planning, conducting, and reporting assessments, granting and maintaining authorizations, and establishing continuous monitoring strategies.