To begin, I wanted to provide the link to Part 2 of 3 of the Continuous Monitoring white paper series, available here.
I also wanted to mention some of the developments in the CM world since my last blog.
As mentioned previously, the Dept. of Homeland Security (DHS) is using the term Continuous Diagnosis & Mitigation (CDM) to refer to CM. DHS is working to build a CDM dashboard for the entire federal government. The CDM dashboard contract is moving forward. An integrator has been chosen for the project: InfoReliance, a current RSA Archer partner. Read more here. Potential solutions are being considered. RSA Archer is, of course, among these candidates.
On a related note, “Ongoing Authorization (OA)” is becoming the de facto term to describe the use of CM to maintain security authorizations. A few weeks ago, NIST released implementation guidance on this subject, available here.
I will be posting another blog before the end of the month to announce the third and final part of the CM white paper series. I think at that time, I will also hopefully have some news to share regarding RSA Archer’s upcoming Continuous Monitoring v2.
Thanks for reading. As always, please email with comments or questions.