Continuous Monitoring

Continuous monitoring (ConMon) is a key risk management element in maintaining operational, business, and security visibility. ConMon is required for FedRAMP/NIST /DoD authorized systems. Implementing a successful ConMon program requires the right technical and business expertise to maximize your investment.

Leverage our cyber security experts to build and/or optimize your ConMon program based on our industry insights. We’ll take your organizational requirements and customize a program that works for you.

FedRAMP ConMon, Achieving Success

Navigating the FedRAMP continuous monitoring process is challenging for most cloud service providers. See key insights on how to normalize your ConMon program.

Contact us to discuss your cyber and cloud business needs. We’re happy to share our insights and work with you as your business evolves.

    Business Considerations

    Outsource vs. Insource?

    Does it make sense build an internal team or outsource the organizations continuous monitoring activities? The larger cloud service providers have large operational security teams – of 10+ resources, mid to small organizations, 3-5 resources. Finding and maintaining sought after cyber talent is a big challenge. Check with your outsourced firms to see if the value proposition is there?

    Program Continuity

    Retaining cyber talent in the current marketplace is challenging. Organizational cyber staff transition is at a rapid pace and the ability to retain in-house and historical knowledge becomes more complex over time. Make sure the organization invests in program level security elements (such as ConMon) to ensure no lapse in service in the event of internal transition.

    Continuous Assurance

    Meeting security requirements for FedRAMP/NIST/DOD Cloud based controls are important for not only compliance but your brand. Security can and should be seen as a business enabler. Make sure that whomever you work with is always thinking in those terms and offering solutions that support a more real-time view.

    Improved Security Assurance

    Having a robust ConMon program will ensure that risk identification and remediation activities are identified promptly and remediated through the continuous monitoring process. Identified issues will be tracked through remediation, this ensure accountability for all involved and lowers overall risk the organization.

    Why are Continuous Monitoring services important?

    Continuous monitoring (ConMon) is an important activity in assessing the security impacts on an information system that ultimately drives operational, business and performance security. Specific to FedRAMP/NIST/DoD Cloud based frameworks, ConMon is a required element in maintaining an approved accreditation status.

    Why should my organization care?

    Business impact! A robust ConMon Program is required for most US Public Sector accreditations with weekly, monthly and quarterly obligations. This applies to the FedRAMP/NIST accreditations as well as the DoD Cloud Authorization process. Cloud Service Providers/Traditional IT vendors need to maintain these ConMon requirements to maintain regulatory authorization status.

    In the event your FedRAMP/NIST or DOD accreditations are suspended due to ConMon deficiencies – your organization has lost its ability to maintain existing contracts or be considered for new business opportunities. Further, a mature ConMon program inherently improves the security posture of the related system by increasing visibility and maintaining accountability for adhering to organizationally defined metrics of success.

    Recent Insights