Continuous views of organizational IT risk

Continuous Monitoring (CM) enables agencies to constantly assess their IT security risk posture from all levels of the organization. It provides current security and compliance insights in real-time, to help improve security situational awareness and make cost-effective risk-based decisions.

Maintain situational awareness during inevitable changes

The objective of Continuous Monitoring (CM) is to determine if the required architectural security control, implemented within your information systems, remains effective over time despite inevitable environmental and operational changes. Maintaining visibility into your hardware, software, firmware and threat space is increasingly important as operations continue to evolve. When CM is integrated along with policies and processes, you have a much stronger overall risk management process.


Agencies are responsible for implementing and maintaining individual Information Assurance (IA) programs to assess organizational compliance with laws, regulations, policies, etc. Until recently, these IA programs were based upon periodic checklists – a snapshot in time of your organization’s security posture. In today’s advanced persistent threat environment, this manual approach to compliance reporting does not meet senior leadership needs for timely, decision-quality information.

Today, with a CM service replacing the traditional checklist-based IA approach, you receive:

  • Continuous feedback on the effectiveness of your risk management activities and responses
  • Real-time identification of changes to your information systems and operational environments, and the correlation between those changes and how they affect your risk tolerance
  • Verification of compliance to legislation, executive orders, directives, policies and standards & guidelines
  • Reduced costs with system and application maintenance