Design & Implementation of a

Continuous Monitoring (ConMon) Program

 

Results

 

Security Controls Assessed Monthly

Annual Sustainment Costs

Average Issues Discovered Monthly

Total Time in Months to Design & Implement

Challenge

The Department of Defense adopted NIST’s Risk Management Framework which mandated the implementation of Continuous Monitoring (ConMon). To meet this new requirement, the client needed a design and implementation of a ConMon solution.

Context / Action

We Designed and Implemented the Continuous Monitoring Program (People and Processes only) to provide ongoing awareness and insight of the organizations security posture IAW NIST standards.  ConMon allows an organization to gather relevant and up-to-date (near real-time) information about risk, threats, vulnerabilities, system and enterprise controls.  The continuous monitoring strategy ensured that the organization is operating within acceptable risk tolerance levels.

In designing this solution, we mapped all of the NIST 800-53 security control framework to DoD DIACAP, SANS Top 20, Compliance Inspections, Cybersecurity Service Provider and other security control frameworks. The idea behind this was to minimize duplication of effort. By performing proper ConMon execution and assess the core controls, we were also able to use this information to validate all the other mapped controls for all the other security frameworks! This not only validates the design and effectiveness of security controls but also avoids the need to execute other independent assessment; thus killing multiple birds with one stone. This overall strategy avoids duplication of efforts, consolidates like-assessment into one, and provides overall transparency and synergy across all controls from various frameworks.

The program also leveraged the most cutting edge auditing methodologies to ensure that our auditing practices were up to date and aligned with major industry auditing firms and best practices.

Are You A Government Contracting Company?

We are a Minority and Veteran-Owned Small Business. And we are always happy to take on Joint Venture Partnerships with other Government Contracting Companies. Let's Talk! 

Are You A Government Civilian or Military Leader? 

As a former Government, GS-15, Civilian, United States Marine and Pentagon's Security Architect. I understand the struggles of protecting Web Applications within vast Enterprise Architectures.  Let's Talk!

3 Steps to Better Protections, Better Solutions & Better Sleep

//

1

Schedule A Call

If you have a Government Web Application (Websites) that you NEED protecting then schedule a call. It is Free and in place so that we can better understand your mission and goals. 

2

Get Your Plan

During your call, we will talk about your current situation, your desired situation, and weather or not we are a good fit to work together or not. And if we do work together then we will tell you how we can best protect your web application.

3

Protect Your Mission

Move forward with your mission and sleep easy by knowing that light will soon illuminate your Cyber world!

HBG Cyber, Inc. Logo picture

Enter your email to get instant access to the case study

You have Successfully Subscribed!

HBG Cyber, Inc. Logo picture

Enter your email to get instant access to our scheduling software

You have Successfully Subscribed!