3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
- NIST SP 800-137 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
- Cloud.gov - Continuous Monitoring Strategy
- SANS Institute - A Guide to Security Metrics
Sample Policy & Procedures
- NOAA/NESDIS - NESDIS Quality Procedure [NQP] – 3402 - Continuous Monitoring Planning - Policy and Procedures
Additional Lessons Learned
- YouTube - The Fundamentals of Continuous Monitoring – An Integral Part of Risk Management Strategies