NIST has released a bulletin which summarizes the information in SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. NIST states that,
The bulletin explains the importance of information system continuous monitoring in protecting information systems and information, the role of ISCM in the Risk Management Framework, the integration of ISCM in organizational risk assessment activities, and the details of the organizational ISCM process. References are provided to additional sources of information on ongoing monitoring of information systems and on the Risk Management Framework.
The bulletin is attached below.
Leave a Reply