Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

Published

Author(s)

Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston

Abstract

The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls. It provides ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance as well as the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.
Citation
Special Publication (NIST SP) - 800-137
Report Number
800-137

Keywords

continuous monitoring, ISCM, information security, security, risk management

Citation

Dempsey, K. , Johnson, L. , Scholl, M. , Stine, K. , Clay, A. , Orebaugh, A. , Chawla, N. and Johnston, R. (2011), Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-137 (Accessed October 14, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created September 30, 2011, Updated November 10, 2018