ISCMA: An Information Security Continuous Monitoring Program Assessment

Published

Author(s)

Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban

Abstract

This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be used as documented or as the starting point for a different methodology. Included with the methodology is a reference implementation that is directly usable for conducting an ISCM assessment.

Citation

NIST Interagency/Internal Report (NISTIR) - 8212

Report Number

8212

Keywords

assessment, continuous monitoring, information security continuous monitoring, information security continuous monitoring assessment, ISCM, ISCMA, ISCMAx

Citation

Pillitteri, V., Dempsey, K., Baer, C., Rudman, R., Niemeyer, R. and Urban, S. (2021), ISCMA: An Information Security Continuous Monitoring Program Assessment, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8212, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932084 (Accessed December 12, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created March 31, 2021, Updated November 29, 2022