Description

It is important that activities associated with security and privacy testing, training and monitoring are coordinated across the university. Coordination enables plans and activities to be informed by current threat and vulnerability assessments.

Applicability

  • The university’s Chief Information Security Officer (CISO) has the primary responsibility for the implementation of this Control.

Implementation

  1. In accordance with RA-5 and CA-2, security testing and assessment is the sole purview of the Office of the CISO.

  2. All activities related to security and privacy training shall be coordinated by the Office of the CISO.

  3. In accordance with AU-1 and CA-7, system monitoring of university information resources shall be coordinated with the Office of the CISO.

  4. Testing, training, and monitoring plans shall be reviewed for consistency with the university risk management strategy and university-wide priorities for risk response actions.