Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
The finalized document recognizes the essential role of automated systems in ensuring the monitoring of federal information systems. NIST explains that:
Tools supporting automated monitoring of some aspects of information systems have become an effective means for both data capture and data analysis. Ease of use, accessibility, and broad applicability across products and across vendors help to ensure that monitoring tools can be readily deployed in support of near real-time, risk-based decision making.
NIST further explains that “Automated processes, including the use of automated support tools (e.g., vulnerability scanning tools, network scanning devices), can make the process of continuous monitoring more cost-effective, consistent, and efficient.” Automated tools, however, are no more sufficient on their own than manual processes are. NIST notes that “Organization-wide monitoring cannot be efficiently achieved through manual processes alone or through automated processes alone.”
Although the human role in monitoring is essential, the document correctly emphasizes the central role of real-time monitoring in system security:
Real-time monitoring of implemented technical controls using automated tools can provide an organization with a much more dynamic view of the effectiveness of those controls and the security posture of the organization.
SP 800-137 is attached below. CRE’s comments on the draft document may be found here.