CONTINUOUS MONITORING - 5335.1

Introduction: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support state entity risk management decisions.

Policy: Each state entity shall develop a continuous monitoring strategy and implement a continuous monitoring program.

Implementation Controls: NIST SP 800-53: Audit and Accountability (AU); Physical and Environmental Protection (PE); Risk Assessment (RA); Security Assessment and Monitoring (CA); Supply Chain Risk Management (SR)