Defining and Planning Continuous Monitoring for NIST Requirements

Aug 01, 2011

The National Institute of Standards and Technology (NIST) recently released new Federal Information Security Management Act (FISMA) guidance in two publications. The aim of the new guidance is to help federal agencies develop a continuous monitoring program as part of a risk management framework. It is also intended to help the government gain an enterprise-wide view of its security posture by using automation to roll up reports of security information across all agencies.

In this paper, we:

• Provide an overview of the concept of continuous monitoring

• Discuss the new FISMA guidance on continuous monitoring described in the NIST special publications

• Describe the relationship of continuous monitoring to CyberScope

• Discuss how automation is a critical aspect of both continuous monitoring and reporting

• Give three practical steps for getting started with a continuous monitoring program

This paper will guide you toward building a continuous monitoring program that can help security teams more effectively and efficiently manage the security risk of federal information systems.