DHS has released Version 1.0 of their “FY 2011 Chief Information Officer Federal Information Security Management Act Reporting Metrics” which includes the metrics for Continuous Monitoring.
There are two continuous monitoring questions on which data must be reported:
- The percentage of data from a list of potential data feeds that “are being monitored at appropriate frequencies and levels in the Agency” and
- The extent to which “‘the data collected, correlated, and being used to drive action to reduce risks” based on a 1-5 scale “with 1 being that “All continuous monitoring data is correlated.”
The document does not provide any additional guidance on what constitutes “appropriate frequencies and levels” or on how continuous monitoring should specifically be defined.
Attached below is the complete DHS document.
Leave a Reply