Feds Join the CCM Bandwagon
Posted on June 16th, 2010 by Katina
So, earlier this week we talked a bit about the National Institute of Standards and Technology (NIST), and what they’re saying about continuous controls monitoring (funnily enough, it’s not that different from what we at Approva are saying about it).
Today brings another interesting development in the story of the government’s efforts to do what we’ve been recommending for so long for the private sector – use continuous controls monitoring to provide real-time visibility into daily operations – and crucially, into exceptions to well-defined rules, so that problems can be fixed before they become overwhelming and/or public and/or very, very expensive.
Here’s what happened. You know when the House passed a defense reauthorization for 2011? Well, part of that included changes to the Federal Information Security Management Act (FISMA), which now establishes a National Office for Cyberspace at the White House – and includes minimum requirements for continuous monitoring of IT systems (among other things).
We know CCM can’t do everything (and we go into NIST’s thoughts on that as well as our own here), but it can do a tremendous amount toward mitigating risk before issues spiral out of control, which is why we recommend it so highly. It’s a pleasure to see government embracing its possibilities as well.

