This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. The guide helps organizations develop an ISCM strategy and implement an ISCM program that provides awareness of threats and vulnerabilities of information systems, and that facilitates the assessment of organizational assets and the effectiveness of security controls. The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. The guide helps organizations develop an ISCM strategy and implement an ISCM program that provides...
See full abstract
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. The guide helps organizations develop an ISCM strategy and implement an ISCM program that provides awareness of threats and vulnerabilities of information systems, and that facilitates the assessment of organizational assets and the effectiveness of security controls. The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.
Hide full abstract
Keywords
cyber security; Federal Information Security Management Act; information security; information system continuous monitoring; information system life cycle; information technology; risk assessment; Risk Management Framework; security controls; security impact assessments; security plans; security requirements; security risks; threats to systems; vulnerabilities
