The third and final day of the Internet Security and Privacy Advisory Board’s (ISPAB’s) meeting included discussion of continuous monitoring and FedRAMP. Several issues remain outstanding with respect to continuous monitoring of FedRAMP including whether and to what extent monitoring capabilities and plans must be place prior to a vendor receiving certification as a Cloud Service Provider. Another issue which remains open is whether and to what extent agencies will receive continuous monitoring data.
As continuous monitoring becomes increasingly important to federal IT management, it is important that the outstanding ISCM issues be transparently resolved.
Additional posts on the ISPAB meeting are:
Updating OMB Circular A-130 Management of Federal Information Resources
OMB A-130 and the Future of Continuous Monitoring
Update on NIST SP 800-53 Rev. 4
“Build it right — Continuously Monitor”
Leave a Reply