Cyber-threats have become more prevalent and are increasing risks to federal information systems.
As a result, there is a need for better, more actionable intelligence about the security status of systems. Continuous monitoring of information systems security provides organizations with near real-time information about security breaches and changes in security controls to enable them to reduce risk exposure and vulnerabilities.
These requirements for continuous monitoring of federal information systems deliver a higher level of cybersecurity protection and address the growing threatscape facing federal government agencies. At the same time, the need for continuous monitoring will require organizations to implement new processes and automated tools to assist them. NIST regards automation tools as important for the success of continuous monitoring.