DoD Continuous Monitoring Definition
- The term Continuous Monitoring (ConMon) for the Department of Defense (DoD) is defined as the ongoing observation, assessment, analysis, and diagnosis of an organization’s cybersecurity posture, hygiene, and operational readiness.
- ConMon synergistically integrates core components and capabilities across multiple security domains and organizational levels to provide global situational awareness and visibility in support of areas of operations that have a direct impact on, or can potentially interact with, mission operations.
- From a strategic perspective, ConMon provides for a framework that is agnostic to classification and computing environment, and promotes a steady-state risk posture that incorporates a DoD-wide ‘collect-once, reuse-many’ structure, such that each domain fits into a scheme to delineate a comprehensive ‘snapshot in time’ that explains the environment from multiple mission areas of operations.
Continuous Monitoring Applicability
- For Risk Management and System Certification and Accreditation
ConMon provides the DoD with a capability to monitor the risk posture of its information systems and networks on a continual basis, decreasing the level of effort of our current assessment and authorization process (manually intensive, occurring every three years) and providing the means for prioritizing remediation based upon relevant operational impact and critical mission areas.
- For Network Operations (NetOps)
ConMon provides the DoD with a capability to monitor network traffic, fault, performance, bandwidth, route, and other network management areas.
- For Cyber Defense
ConMon provides the DoD with a capability to monitor “adversarial behavior” and its impacts on operations (i.e., monitor and understand intrusions, attack sensing and warning, indications and warning, advanced persistent threats, and other signs of cyber attack and exploitation activities).