Happy New Year!
Well, we are now finally entering into the season of federal continuous monitoring. In the past few years just a few trailblazers tried it, and there were lessons learned and false starts, but 2013 looks to be the year the government is moving in earnest to really embrace CM. DHS has released their RFP for Continuous Monitoring as a Service (CMaaS) solutions. Supposedly this year, there will be some update that makes CM mandatory. Will it be an Executive Order? Will Congress be able to pass a bill after so many failed attempts? Will it be an update to the crusty, old OMB A-130? (one of the more interesting rumors) Whatever the case, it’s time we all “get smart” on the subject of continuous monitoring.
To that end, I will be writing a series of blogs this quarter covering the subject of continuous monitoring.
21 January –Continuous Monitoring: What It Is and Isn’t. This is an introduction that will cover definitions and concepts, including the semantic differences that drive everyone crazy and often derail conversations on CM (continuous vs. constant vs. automated, etc.) I will give a synopsis of all the relevant documents and their relationships (800-137, NISTIRs 7756, 7799, 7800, etc.)
11 February – Practical Models: iPost and CAESARS / CAESARS FE. I will discuss the practical models that have been developed so far that we can learn from, use, or emulate. The two models I will cover will be iPost and CAESARS (FE). I will compare and contrast them and discuss their strengths and gaps. Seeing what others have done will hopefully give you ideas for what you want to do, which leads to…
4 March – Implementation! What are your options for implementation? What will the challenges be? How do you devise an implementation plan without killing your compliance / IA staff from the strain?
Throughout this series I will also try to sprinkle in some relevant links to articles as they apply.
If there are subjects pertaining to CM that I haven’t mentioned above and you would like to see, email me . I will try to work them in or add another blog onto the end of the series.
Thanks so much and tune in the week of January 21st to start this exciting and enlightening journey!
(or not, but understanding this CM stuff is pretty important for future job security – just sayin’…)
“They have got to be so scared to miss it! So terrified!”
- Bill Murray, Scrooged