Continuous Monitoring Phase 6 Q4-2024

Continuous Monitoring Phase involves the following steps:

  • Information system environment Changes: Monitor change and maintain an accurate system inventory. Use asset management tool. This step is handled by the System Owner, and ISSO)
  • Ongoing Security Control Assessments: Assess 1/3 of the NIST controls annually, Scan the system for weaknesses, implement vulnerability & parch management tools. This step is handled by the system Owner, ISSO and C&A analyst)
  • Ongoing Remediation Actions: Take steps to remediate POA&M items. This step is handled by the system Owner, ISSO and C&A analyst)
  • Key Updates: Update SSP, POA&M and SAR. This step is handled by the System Owner, ISSO and C&A analyst)
  • Security Status Reporting: Submit SSP, SAR and POA&M to AO for review and direction. This step is handled by the System Owner, and            ISSO.
  • Ongoing Risk Determination and Acceptance: AO reviews SSP, SAR, POA&M and gives direction to ISSO and System Owner. This step is handled by the AO. AO issues Annual Assessment letter.
  • Information System Removal and Decommission: Follow policy and procedures for decommissioning system. Update system inventory and organization         inventory accordingly. This step is handled by the system Owner, and ISSO)
  • NIST Publication
  • SP 800-137
  • SP 800-53,
  • SP 800-53A
  • SP-800-30

error: Content is protected !!