NIST Releases Continuous Monitoring FAQs

Continuous monitoring is at the center of proposed reform to FISMA, which is currently maligned as being an exercise in paperwork rather than an effective guide for cybersecurity.

The National Institute of Standards and Technology (NIST) has released a list of 17 frequently asked questions about continuous monitoring. The questions include:

What is continuous monitoring?

If my information system is subject to continuous monitoring, does that mean it does not have to undergo security authorization?

Why is continuous monitoring not replacing the traditional security authorization process?

What is front‐end security and how does it differ from back‐end security?

What is NIST doing to provide greater emphasis on front‐end security?

If continuous monitoring does not replace security authorization, why is it important?

Who should be involved in continuous monitoring activities?

What role does automation play in continuous monitoring?

How is NIST promoting the use of automation for continuous monitoring activities?

Why is the holistic approach to risk management using the RMF important?

What security controls should be subject to continuous monitoring?

How often should security controls be monitored?

Are there any risks associated with continuous monitoring?

How can common controls and automation reduce the cost and resources required for security control implementation, assessment, and continuous monitoring?

How can organizations address advanced persistent cyber threats?

Are continuous monitoring activities only applicable during the monitoring step in the RMF?

Where can organizations obtain additional information on continuous monitoring?

Click here to read NIST’s answers
