Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More


Continuous Monitoring

Continuous Monitoring

Customized Information Security Continuous Monitoring Programs for Department of Defense (DoD) contractors implementing the NIST Risk Management Framework (RMF).

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Customized Continuous Monitoring Programs for Department of Defense (DoD) Contractors

Arlington helps defense contractors stay compliant with today’s demanding DoD security regulations by offering customized Information Security Continuous Monitoring Programs. A key element within the NIST Risk Management Framework (RMF) includes monitoring organizational controls as necessary.

  • Specifically, as defined by the National Institute of Standards and Technology (NIST), information security continuous monitoring (ConMon) is “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.” ConMon programs are essential for FISMA, FedRAMP, CMMC, NIST 800-171, NISP eMASS, and much more.

Maintaining an up-to-date view of information security risks across an organization is a complex, multifaceted undertaking. It requires the involvement of the entire organization, from senior leadership providing governance and strategic vision, to individuals developing, implementing, and operating individual information systems in support of the organization’s core missions and business functions. Now more than ever, organizations need to engage in continuous monitoring activities.

The Importance & Benefits of Continuous Monitoring

Additionally, an effective ConMon program requires not only full support from leadership within an organization, it also requires the development and implementation of a wide-range of information security and operational policies, procedures, and processes. The ability to effectively monitor internal controls relating to information security is not a start-and-stop process, rather, a process that’s dynamic, evolving, always striving to meet an organization’s needs for effective oversight of key IT and operational areas.

Your systems are dynamic, undergoing constant changes – this measure alone requires organizations to implement robust ConMon programs. From a scope perspective, ConMon should include, at a minimum, System Level Continuous Monitoring (SLCM) measures, and others, as needed.

And lastly, per the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM), “...The implementation of a robust continuous monitoring strategy allows an organization to understand the security state of the system over time and maintain the initial security authorization in a highly dynamic environment of operation with changing threats, vulnerabilities, technologies, and missions/business functions. Ongoing monitoring of the security controls is a critical part of risk management.”

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Related Services

Corresponding Case Studies

A Proven Approach for Developing Customized ConMon Programs

Why Arlington for ConMon Programs

  • Highly detailed ConMon programs reflecting your unique environment.

  • Efficient, yet comprehensive methodology for rapid program development.

  • Industry leader with decades of federal compliance experience.

Why Arlington?

Decades of Defense Industry Expertise. Recognized leaders in all things DoD. World-Class Arlington Security Portal (ASP).

Passion. Integrity. Innovation. Impact.

Phase I: Scoping & Analysis

Any successful ConMon program requires thoughtful pre-planning in terms of what the actual program should cover in terms of systems, personnel and departments involved in both developing and implementing the program, its execution, oversight and maintenance of the program, and more.

Phase II: Development

Developing a ConMon program requires documenting the actual program itself in terms of policies and procedures, various tools and solutions needed, formalizing the ConMon activities to be performed, along with program approval by leadership.

Phase III: Implementation

A ConMon program is only successful if it gets off the ground and is actually implemented. This requires integrating ConMon activities throughout the organization as needed for ensuring all controls are assessed and monitored with defined frequency.