|Author(s):||Ronald S. Ross;|
|Title:||What Continuous Monitoring Really Means|
|Published:||July 24, 2012|
|Abstract:||[Print title: "Establishing a Secure Framework"] Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time security life cycle process as part of a Risk Management Framework (RMF). The RMF, described in NIST Special Publication 800-37, provides a dynamic, six-step approach to managing cybersecurity risk. The strength of the RMF lies in the comprehensive nature of the framework, which focuses as much attention on selecting the right security controls and effectively implementing those controls as it does on security assessment, authorization, and continuous monitoring. The strategy is simple: "Build It Right, Then Continuously Monitor." The RMF, when used in conjunction with the three-tiered enterprise risk management approach described in NIST SP 800-39 (Tier 1, governance level; Tier 2, mission/business process level; Tier 3, information system level) and the broad-based continuous monitoring guidance in NIST SP 800-137, provides a comprehensive process for developing, implementing, and monitoring a cybersecurity program capable of protecting core organizational missions and business functions from a range of threats, including cyber attacks. The article can also be viewed at FedTech: http://www.fedtechmagazine.com/article/2012/07/what-continuous-monitoring-really-means|
|Pages:||p. 47|
|Keywords:||cybersecurity, continuous monitoring, Risk Management Framework, RMF|
|Research Areas:||Computer Security, Cybersecurity|
|PDF version:||PDF version of paper available (185KB)|