Publication Citation: What Continuous Monitoring Really Means

Author(s): Ronald S. Ross
Title: What Continuous Monitoring Really Means
Published: July 24, 2012
Abstract: [Print Title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management Framework (RMF). The RMF, described in NIST Special Publication 800-37, provides a dynamic, six-step approach to managing cybersecurity risk. The strength of the RMF is based on the comprehensive nature of the framework, which focuses as much attention on selecting the right security controls and effectively implementing those controls as it does on security assessment, authorization, and continuous monitoring. The strategy is simple: "Build It Right, Then Continuously Monitor." The RMF, when used in conjunction with the three-tiered enterprise risk management approach described in NIST SP 800-39 (Tier 1, governance level; Tier 2, mission/business process level; Tier 3, information system level) and the broad-based continuous monitoring guidance in NIST SP 800-137, provides a comprehensive process for developing, implementing, and monitoring a cybersecurity program capable of protecting core organizational missions and business functions from a range of threats, including cyber attacks. The article can also be viewed at FedTech: http://www.fedtechmagazine.com/article/2012/07/what-continuous-monitoring-really-means
Citation: FedTech Magazine
Issue: Summer 2012
Pages: p. 47
Keywords: cybersecurity; continuous monitoring; Risk Management Framework; RMF
Research Areas: Computer Security, Cybersecurity
PDF version: PDF document (185KB)