Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.
See organizational information security continuous monitoring and automated security monitoring.
Sources:
CNSSI 4009-2015 from NIST SP 800-137
Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.
Sources:
CNSSI 4009-2015 under automated security monitoring
See information security continuous monitoring (ISCM).
Sources:
CNSSI 4009-2015 under ongoing assessment and authorization
CNSSI 4009-2015 under ongoing authorization
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
[Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.]
Sources:
NIST SP 800-137 under Information Security Continuous Monitoring (ISCM)