Continuous monitoring is a risk management approach to cybersecurity that maintains an accurate picture of an agency’s security risk posture, provides visibility into assets, and leverages automated data feeds to quantify risk, ensure the effectiveness of security controls, and implement prioritized remedies. A well-designed and well-managed continuous monitoring program can effectively transform an otherwise static security control assessment and risk determination process into a dynamic process that provides essential, near real-time security status.
In today’s environment of widespread cyber-intrusions, advanced persistent threats, and insider threats, it is essential for agencies to have accurate, real-time knowledge of their enterprise IT security posture so that responses to external and internal threats can be made swiftly.
Continuous Monitoring Initiatives:
The National Cybersecurity Protection System (NCPS) is an integrated system-of-systems that delivers a range of capabilities, including intrusion detection, analytics, intrusion prevention, and information sharing. The NCPS capabilities, operationally known as the EINSTEIN program, are one of a number of tools and capabilities that assist in federal network defense. EINSTEIN provides a common baseline of security across the federal civilian executive branch and helps agencies manage their cyber risk. EINSTEIN serves two key roles in federal government cybersecurity. First, EINSTEIN detects cyber attacks and blocks them from compromising federal agencies. Second, EINSTEIN provides DHS with the situational awareness to use threat information detected in one agency to protect the rest of the government and to help the private sector protect itself.
Continuous Diagnostics and Mitigation (CDM)
The Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.
National Cybersecurity and Communications Integration Center (NCCIC)
The National Cybersecurity and Communications Integration Center (NCCIC), housed in the Department of Homeland Security (DHS), is a 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. NCCIC shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situational awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.