From: FedRAMP
Cloud Service Providers (CSPS)
Question:
What is the main objective of “Continuous Monitoring”?
Answer:
Automation is the main objective of “Continuous Monitoring.” The Plan of Actions and Milestones (POA&Ms) submitted each month must accurately report the security posture of the system for that particular month. Security posture is an ongoing assessment. Most large CSPs include enough automation in their environments that the POA&M becomes an output of that automation. Automation is required to a greater extent in NIST 800-53 Revision 4 and will continue to be a stricter requirement in the next version of NIST 800-53 controls.
Leave a Reply