Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

Kelley L. Dempsey; L A. Johnson; Matthew A. Scholl; Kevin M. Stine; Alicia  Clay Jones; Angela  Orebaugh; Nirali S. Chawla; Ronald  Johnston

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

PUBLICATIONS

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

Published

September 30, 2011

Author(s)

Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston

Abstract

The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls. It provides ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance as well as the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.

Citation

Special Publication (NIST SP) - 800-137

Report Number

800-137

NIST Pub Series

Special Publication (NIST SP)

Pub Type

NIST Pubs

Download Paper

DOI Link

Keywords

continuous monitoring, ISCM, information security, security, risk management

Cybersecurity

Created September 30, 2011, Updated November 10, 2018