White Paper
Defining and Planning Continuous Compliance for NIST Requirements
The National Institute of Standards and Technology (NIST) recently released new Federal Information Security Management Act (FISMA) guidance in two publications. The aim of the new guidance is to help federal agencies develop a continuous monitoring program as part of a risk management framework. It is also intended to help the government gain an enterprise-wide view of its security stance by using automation to roll up reports of security information across all agencies.
In this paper, we:
- Provide an overview of the concept of continuous monitoring
- Discuss the new FISMA guidance on continuous monitoring described in NIST Special Publications
- Describe the relationship of continuous monitoring to CyberScope
- Discuss how automation is a critical aspect of both continuous monitoring and reporting
- Give three practical steps for getting started with a continuous monitoring program
This paper will guide you toward building a continuous monitoring program that can help security teams more effectively and efficiently manage the security risk of federal information systems.
