ISCMA: An Information Security Continuous Monitoring Program Assessment
Victoria Pillitteri, Kelley Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban
This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be used as documented or as the starting point for a different methodology. Included with the methodology is a reference implementation that is directly usable for conducting an ISCM assessment.
Pillitteri, V., Dempsey, K., Baer, C., Rudman, R., Niemeyer, R. and Urban, S., ISCMA: An Information Security Continuous Monitoring Program Assessment, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8212, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932084
(Accessed May 13, 2021)