CMMC Practice - CA.2.157

Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.

CMMC Practice - CA.2.158

Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.

CMMC Practice - CA.2.159

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

CMMC Practice - CA.3.161

Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.

CMMC Practice - CA.3.162

Employ a security assessment of enterprise software that has developed internally, for internal use, and that has been organizationally defined as an area of risk.