Continuous Monitoring

Continuous monitoring is found as a critical last step in many of the other processes including:

  • Risk management
  • Security control implementation
  • Configuration management
  • Authorization (C&A)

The most appropriate placement in the SDLC is probably within the configuration managment process, but since it is so important and ties into so many other processes, it will be covered in a collective fashion in this section.

Continuous monitoring is a dynamic process that requires near real-time security status information. Time sensitive process flows that depend on this are:

  • Security status analysis
  • Risk posture viewpoint
  • Mitigation decisions
  • Effectiveness of actions

Substeps inside the Continuous monitoring process include:

  • Control selection – priority should be given to:
    • Controls involved with the most critical processes
    • Controls with the greatest volatility
    • Common controls
    • POAMs
  • Monitoring:
    • Network monitoring
    • Vulnerability scanning
    • Audit monitoring
    • Integrity checking
  • Sharing information with partners
  • Updating documentation