Home > Training > Continuous Monitoring
RMF Step 6 Mastery

Continuous Monitoring (ISCM)

1 Day Course NIST SP 800-137 Automation Focus

Overview

Information Security Continuous Monitoring (ISCM) is not just a regulatory requirement; it is the heartbeat of a modern cybersecurity program. This one-day supplemental training dives deep into Step 6 of the Risk Management Framework (RMF).

We move beyond theory to cover the practical application of NIST SP 800-137. You will learn how to design an ISCM strategy that transitions your organization from "Point-in-Time" compliance to "Ongoing Authorization" (OA).

Course Prerequisite

A strong understanding of RMF is required. We highly recommend completing our 4-day Building a DoD Security Package – RMF in Practice program prior to attending.

Course Agenda: The ISCM Lifecycle

Strategy & Design

  • 1. Define Strategy: Setting risk tolerance and monitoring frequencies.
  • 2. Establish Program: Roles, responsibilities, and resource allocation.
  • 3. Implement: Deploying sensors and collecting security data.

Execution & Analysis

  • 4. Analyze & Report: Turning raw data into actionable risk intelligence.
  • 5. Respond: Mitigation strategies for findings and POA&M updates.
  • 6. Review & Update: Maturing the ISCM strategy over time.

Technology & Automation

Modern monitoring requires automation. We discuss the integration of key technologies to support Continuous Monitoring and Risk Scoring (CMRS):

  • Security Information & Event Mgmt (SIEM)
  • Asset Management Tools
  • Configuration Management (CM)
  • Vulnerability Scanning (ACAS)

Who Should Attend?

The Continuous Monitoring program is suitable for government employees and contractors in DoD, federal "civil" agencies, and the intelligence community. It is specifically designed for:

  • ISSOs & ISSMs: Responsible for managing security posture on an ongoing basis.
  • System Admins: Tasked with implementing automated tools.
  • Program Managers: Who need to resource Ongoing Authorization efforts.

Delivery Methods

Online Personal Classroom™

Offered on a regular basis as an online, instructor-led class.

Private Groups

Available as a "Friday supplemental class" to organizations wishing to obtain onsite or online RMF training for a private group.

Continuous Monitoring Training

Request Training

Flexible Scheduling

Scheduled regularly online.

Ongoing Authorization

Learn the path to OA.

Contact Us for a Quote