The National Institute for Standards and Technology (NIST) recently released new Federal Information System Management Act (FISMA) guidance in two publications. The aim of the new guidance is to help federal agencies develop a continuous monitoring program as part of a risk management framework. It is also supposed to help the government gain an enterprise-wide view of its security stance by using automation to roll up reports of security information across all agencies.
This white paper will:
- Provide an overview of the concept of continuous monitoring
- Discuss new FISMA guidance around continuous monitoring described by NIST special publications
- Describe the relationship of continuous monitoring to CyberScope
- Discuss how automation is a critical aspect of both continuous monitoring and reporting
- Give three practical steps for getting started with a continuous monitoring program