NIST Releases an Example Implementation Tool for NISTIR 8212: An Information Security Continuous Monitoring Program Assessment

Information security continuous monitoring (ISCM) programs provide an understanding of risk tolerance and help officials set priorities and consistently manage information security risk throughout the organization. NISTIR 8212, An Information Security Continuous Monitoring Program Assessment, provides an operational approach to the assessment of an organization’s ISCM program using ISCMAx – a free, publicly available working implementation of the ISCM program assessment described in NIST SP 800-137A. NISTIR 8212 provides instructions for using ISCMAx and guidance for tailoring the ISCMAx tool