Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 7756 (2nd Public Draft)

CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture

Date Published: January 2012
Comments Due: February 17, 2012 (public comment period is CLOSED)
Email Questions to: fe-comments@nist.gov

Planning Note (10/05/2022): NIST has discontinued additional development of this document, which is provided here in its entirety for historical purposes.

Author(s)

Peter Mell (NIST), David Waltermire (NIST), Larry Feldman (BAH), Harold Booth (NIST), Zach Ragland (BAH), Alfred Ouyang (MITRE), Timothy McBride (DHS)

Announcement

NIST announces the second public comment release of Draft NIST Interagency Report (NISTIR) 7756, CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture. This publication presents an enterprise continuous monitoring technical reference architecture that extends the framework provided by the Department of Homeland Security's CAESARS architecture. The goal is to facilitate enterprise continuous monitoring by presenting a reference architecture that enables organizations to aggregate collected data from across a diverse set of security tools, analyze that data, perform scoring, enable user queries, and provide overall situational awareness. The model design is focused on enabling organizations to realize this capability by leveraging their existing security tools and thus avoiding complicated and resource intensive custom tool integration efforts.

Abstract

Keywords

Continuous Asset Evaluation, Situational Awareness and Risk Scoring (CAESARS); continuous monitoring
Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection

Documentation

Publication:
Draft NISTIR 7756 (2nd public draft) (pdf)

Supplemental Material:
None available

Related NIST Publications:
IR 7799 (Draft)
IR 7800 (Draft)

Document History:
01/06/12: IR 7756 (Draft)