< All Topics

Whenever “establish and maintain” (or “established and maintained”) is used as a phrase, it refers not only to the development and maintenance of the object of the practice (such as a policy) but to the documentation of the object and observable usage of the object. For example, “Formal agreements with external entities are established and maintained” means that not only are the agreements formulated, but they also are documented, have assigned ownership, and are maintained relative to corrective actions, changes in requirements, or improvements.

Source: CERT RMM v1.2

Click to rate this post!
[Total: 0 Average: 0]
Previous Encryption in Motion
Next Federal Contract Information
Table of Contents