Challenges & Needs

• Unclear as to the Scope of Continuous Monitoring: The client was unclear as to what specific systems and controls needed to be monitored, in what capacity, and how to document and report on such efforts.
• No Experience with Continuous Monitoring: The client has no experience with the concept of continuous monitoring, thus was unsure on how to even develop such a program.
• Conflicting Viewpoints: Senior leadership and the IT department had different viewpoints on how to design and implement such a program, thus, creating additional challenges.

Our Solution

• Successfully defined project scope, including roles and responsibilities for all internal personnel at the client.
• Developed a highly customized continuous monitoring program consisting of a mixture of automated and manual controls that were aligned with the NIST SP 800-53 controls within eMASS.
• Performed “dry run” exercises for ensuring all personnel had a strong technical understanding of the continuous monitoring program, and their respective roles and responsibilities.

Challenges Solved

• Implementation of a true continuous monitoring program as required by specific eMASS DoD guidelines.
• Additionally, developed all required supporting information security and cybersecurity policies and procedures for helping ensure the full and proper execution of the continuous monitoring program.

Value Created

• Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
• Developed and implemented a highly structured continuous monitoring program with formalized and well-documented internal controls.
• Successfully met the rigorous DoD compliance requirements relating to continuous monitoring.