Can you provide guidance on the SLCM fields within the “ControlInfoExport” spreadsheet in terms of how to best address “System Level Continuous Monitoring” requirements for eMASS reporting?
DCSA personnel will want to gain a strong understanding of an organization’s continuous monitoring initiatives, which means cleared contractors need to have in place a documented and formalized continuous monitoring (ConMon) program. Per a recent presentation by DCSA personnel:
- “Continuous Monitoring (ConMon) is an important aspect of the overall security because it communicates to DCSA how controls are going to be assessed for continued effectiveness over time.”
- “ConMon strategies should include details related to steps that ‘will be’ taken by the defined frequency to check on controls.”
Therefore, a well-developed ConMon program should include the following:
- Control Number Listing
- Control Title
- Security Control Designation
- Continuous Monitoring Program Frequency
- Continuous Monitoring Strategy
- Listing of Tools Used for Verification
- Listing of Personnel Responsible for Performing ConMon Tests
- A Detailed Test Schedule
From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS
Arlington can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing the essential services for getting you to your ATO. Core services and solutions offered include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services