Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Releases an Example Implementation Tool for NISTIR 8212: An Information Security Continuous Monitoring Program Assessment

NIST has published NISTIR 8212, "An Information Security Continuous Monitoring Program Assessment," and the ISCMAx tool that implements the ISCM program assessment described in SP 800-137A.

Information security continuous monitoring (ISCM) programs provide an understanding of risk tolerance and help officials set priorities and consistently manage information security risk throughout the organization.

NISTIR 8212, An Information Security Continuous Monitoring Program Assessment, provides an operational approach to the assessment of an organization’s ISCM program using ISCMAxa free, publicly available working implementation of the ISCM program assessment described in NIST SP 800-137A. NISTIR 8212 provides instructions for using ISCMAx and guidance for tailoring the ISCMAx tool, if desired. ISCMAx is an example implementation to facilitate making, collecting, and consolidating ISCM Program Assessment Judgements, as well as recording and reporting scores and data for analysis and action.

The ISCMAx tool is a macro-enabled Microsoft Excel application that runs on Windows-based systems only. ISCMAx is not intended to be a production-level product. Download ISCMAx and NISTIR 8212 from the publication details.

Released March 31, 2021, Updated April 6, 2021