Continuous Monitoring ConMon

To advance the state of the art in continuous monitoring capabilities and to further interoperability within commercially available tools, the Computer Security Division is working within the international standards development community to establish working groups and to author and comment on emerging technical standards in this area. The CAESARS-FE reference architecture will evolve as greater consensus is developed around interoperable, standards-based approaches that enable continuous monitoring of IT systems.

The NCCoE is also working to develop a series of ConMon building blocks that demonstrate cybersecurity solutions that apply across multiple industry sectors. The first building block, currently under development, proposes a standardized approach to software asset management, providing an organization with an integrated view of software throughout its lifecycle. The building block will support:

• Authorization and verification of software installation media – Verifies that the media is from a trusted software publisher and that the installation media has not been tampered with
• Software execution whitelisting – Verifies that the software is authorized to run and has not been tampered with
• Publication of installed software inventory – A device that securely communicates what software is installed to an organization-wide database
• Software inventory-based network access control – A device’s level of access to a network is determined by what software is or is not present on the device and whether its patches are up to date.