Design & Implementation of a Continuous Monitoring (ConMon) Program

 

Results

 

Security Controls Assessed Monthly

Annual Sustainment Costs

Average Issues Discovered Monthly

Total Time in Months to Design & Implement

Challenge

The Department of Defense adopted NIST’s Risk Management Framework, which mandated the implementation of Continuous Monitoring (ConMon). To meet this new requirement, the client needed a ConMon solution designed and implemented.

Context / Action

We designed and implemented the Continuous Monitoring Program (people and processes only) to provide ongoing awareness of, and insight into, the organization's security posture in accordance with NIST standards. ConMon allows an organization to gather relevant and up-to-date (near real-time) information about risk, threats, vulnerabilities, and system and enterprise controls. The continuous monitoring strategy ensured that the organization was operating within acceptable risk tolerance levels.

In designing this solution, we mapped the entire NIST 800-53 security control framework to DoD DIACAP, SANS Top 20, Compliance Inspections, Cybersecurity Service Provider and other security control frameworks. The idea behind this was to minimize duplication of effort. By executing ConMon properly and assessing the core controls, we were also able to use the results to validate the mapped controls in all the other security frameworks! This not only validates the design and effectiveness of the security controls but also avoids the need to run other independent assessments, thus killing multiple birds with one stone. The overall strategy avoids duplication of effort, consolidates like assessments into one, and provides transparency and synergy across all controls from the various frameworks.
