I am looking for a good example of a Continuous Monitoring Policy/Plan/SOP (or all of the above) for use within the DoD RMF world. Anyone?
Here is one where they combine the policy and the NIST standards into one document. Personally, I'd make two separate documents but this is a start. Also, check out NIST SP 800-137 and 137A for more info on the subject.
https://files.nc.gov/ncdit/documents/Statewide_Policies/SCIO_Security_Assessment_Authorization.pdf
From a technical perspective, I suggest thinking about the solution architecture and then adding the security monitoring components. I like storyboarding those kinds of solutions; they are more practical than paper policy.
Each agency (there are roughly 100 commands/services/agencies) has its own interpretation of continuous monitoring. Start by looking at the specific agency's document structure (font/headings/etc.) to develop a template, then tailor it. You might also be able to get some insight from DoD policies.