Back

Establish, implement, and maintain a collection management program.


CONTROL ID
14013
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Operational management, CC ID: 00805

This Control has the following implementation support Control(s):
  • Receive and follow up on information collection requests., CC ID: 14075
  • Disseminate information collected using collection resources to all interested personnel and affected parties., CC ID: 14089
  • Establish, implement, and maintain a collection plan., CC ID: 14021
  • Establish and maintain electronic target folders, as necessary., CC ID: 14320
  • Provide feedback regarding the collection management program to all interested personnel and affected parties., CC ID: 14262


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • how and when information is to be collected, analysed and evaluated; (Section 7.5 ¶ 1(b) bullet 3, ISO/IEC 19770-1, Information technology — IT asset management — Part 1: IT asset management systems — Requirements, Third Edition, 2017-12)
  • Information systems capture internal and external sources of data. (CC2.1 ¶ 3 Bullet 2 Captures Internal and External Sources of Data, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • GENERAL PURPOSE.—Not later than January 1, 1997, the Secretary shall establish a national health care fraud and abuse data collection program for the reporting of final adverse actions (not including settlements in which no findings of liability have been made) against health care providers, suppl… (§ 1128E(a), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress)
  • Construct collection plans and matrixes using established guidance and procedures. (T0626, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date. (T0834, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans. (T0780, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Revise collection matrix based on availability of optimal assets and resources. (T0814, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. (T0725, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Analyze plans, directives, guidance and policy for factors that would influence collection management's operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). (T0568, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Assess and apply operational environment factors and risks to collection management process. (T0573, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Construct collection plans and matrixes using established guidance and procedures. (T0626, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans. (T0780, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Revise collection matrix based on availability of optimal assets and resources. (T0814, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date. (T0834, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Assess and apply operational environment factors and risks to collection management process. (T0573, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Analyze plans, directives, guidance and policy for factors that would influence collection management's operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). (T0568, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. (T0725, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)