Design & Implementation of a Continuous Monitoring (ConMon) Program
Security Controls Assessed Monthly
Annual Sustainment Costs
Average Issues Discovered Monthly
Total Time in Months to Design & Implement
The Department of Defense adopted NIST's Risk Management Framework, which mandated the implementation of Continuous Monitoring (ConMon). To meet this new requirement, the client needed a ConMon solution designed and implemented.
Context / Action
We designed and implemented the Continuous Monitoring Program (people and processes only) to provide ongoing awareness of and insight into the organization's security posture in accordance with (IAW) NIST standards. ConMon allows an organization to gather relevant and up-to-date (near real-time) information about risk, threats, vulnerabilities, and system and enterprise controls. The continuous monitoring strategy ensured that the organization was operating within acceptable risk tolerance levels.
In designing this solution, we mapped the entire NIST 800-53 security control framework to DoD DIACAP, SANS Top 20, Compliance Inspections, Cybersecurity Service Provider and other security control frameworks. The idea behind this was to minimize duplication of effort. By executing ConMon properly and assessing the core controls, we were also able to use this information to validate all the other mapped controls for all the other security frameworks! This not only validates the design and effectiveness of security controls but also avoids the need to execute other independent assessments, thus killing multiple birds with one stone. This overall strategy avoids duplication of effort, consolidates like assessments into one, and provides overall transparency and synergy across all controls from the various frameworks.
The program also leveraged cutting-edge auditing methodologies to ensure that our auditing practices were up to date and aligned with major industry auditing firms and best practices.
Are You A Government Contracting Company?
We are a Minority and Veteran-Owned Small Business. And we are always happy to take on Joint Venture Partnerships with other Government Contracting Companies. Let's Talk!
Are You A Government Civilian or Military Leader?
As a former Government GS-15 Civilian, United States Marine and Pentagon Security Architect, I understand the struggles of protecting Web Applications within vast Enterprise Architectures. Let's Talk!