The National Institute of Standards and Technology has released a new publication, “Information Security Continuous Monitoring (ISCM) for Information Systems and Organizations” (SP 800-137), aimed at helping “organizations understand their security posture against threats and vulnerabilities and determine how effectively their security controls are working.”
“This is a guide for an organization that has already implemented the first five steps of the NIST Risk Management Framework (RMF) and is ready to move on to the last step, which is developing a systematic way of making sure the previous steps are implemented effectively,” said NIST researcher and one of the report’s authors Kelley Dempsey announcing the publication.
Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
