Date Published: September 2011
Author(s)
Kelley Dempsey (NIST),
Nirali Chawla (PwC),
L. Johnson (NIST),
Ronald Johnston (DoD),
Alicia Jones (BAH),
Angela Orebaugh (BAH),
Matthew Scholl (NIST),
Kevin Stine (NIST)
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls. It provides ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance as well as the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness o...
See full abstract
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls. It provides ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance as well as the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.
Hide full abstract
Keywords
Continuous monitoring; ISCM; information security; security; risk management;
Control Families
Audit and Accountability;
Security Assessment and Authorization;
Configuration Management;
Planning;
Program Management;
Risk Assessment;