CMMCDocs.com

CA.L2-3.12.3

Also known as: Continuous monitoring requirement

The NIST SP 800-171 requirement that mandates that the contractor monitor security controls on an ongoing basis to ensure their continued effectiveness.

CA.L2-3.12.3 requires the contractor to 'monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.' It is the foundational requirement for continuous monitoring.

In practice, continuous monitoring includes vulnerability scanning, log review, MFA enforcement verification, account reviews, configuration drift detection, training completion tracking, and other recurring activities that confirm controls remain effective between formal assessments.

A C3PAO will ask for the documented continuous monitoring strategy, the cadence of each monitoring activity, and evidence of recent monitoring outcomes.
