Continuous Monitoring
Continuous monitoring is a risk management approach to cybersecurity that maintains an accurate picture of an agency’s security risk posture, provides visibility into assets, and leverages use of automated data feeds to quantify risk, ensure effectiveness of security controls, and implement prioritized remedies. A well-designed and well-managed continuous monitoring program can effectively transform an otherwise static security control assessment and risk determination process into a dynamic process that provides essential, near real-time security status.
In today’s environment of widespread cyber-intrusions, advanced persistent threats, and insider threats, it is essential for agencies to have real-time accurate knowledge of their enterprise IT overall security posture. Agencies need to constantly know and remain aware of their enterprise security status so that responses to external and internal threats can be made swiftly.
Resources
Fiscal Year 2011 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002 (March 7, 2012)
