Continuous Monitoring
Continuous monitoring is the ongoing process of maintaining awareness of your security posture, vulnerabilities, and threats. Rather than treating security as a one-time assessment, continuous monitoring keeps you aware of changes that could affect your system's security — new vulnerabilities, configuration changes, emerging threats, and evolving compliance requirements.
In practice, continuous monitoring includes automated vulnerability scanning, log analysis, configuration monitoring (detecting drift from an approved baseline), regular security assessments, and ongoing risk evaluation. For DoD systems operating under an Authorization to Operate (ATO), continuous monitoring is required to maintain that authorization: it is how the Authorizing Official (AO) knows the system remains secure between formal reassessments.
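The configuration-monitoring piece of the activities listed above can be reduced to a small, repeatable check: fingerprint the security-relevant configuration files at authorization time, fingerprint them again on every monitoring run, and report anything added, removed, or changed. The following is an added example written for this page, not code from the original text or from any CMMC or RMF publication. The file paths and contents are constructed sample data, and the function names are illustrative; a real deployment would read the files from the host and keep the baseline somewhere the monitored host cannot rewrite it.

```python
import difflib
import hashlib
import json
from typing import Dict, List, Tuple

# Constructed sample data: the configuration baseline captured when the system
# was authorized, and a later snapshot taken by a monitoring run. Paths and
# contents are illustrative only and do not describe any real system.
BASELINE_SNAPSHOT: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/audit/auditd.conf": b"max_log_file_action = keep_logs\n",
    "/etc/sudoers": b"%wheel ALL=(ALL) ALL\n",
}
CURRENT_SNAPSHOT: Dict[str, bytes] = {
    # A hardening setting has been reverted since authorization.
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/audit/auditd.conf": b"max_log_file_action = keep_logs\n",
    # /etc/sudoers is gone and an unapproved cron job has appeared.
    "/etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup\n",
}


def fingerprint(snapshot: Dict[str, bytes]) -> Dict[str, str]:
    """Map each path to the SHA-256 of its content; only hashes need to be
    stored in the baseline, not the files themselves."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in snapshot.items()}


def detect_drift(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two fingerprint maps and classify every difference."""
    baseline_paths, current_paths = set(baseline), set(current)
    return {
        "added": sorted(current_paths - baseline_paths),
        "removed": sorted(baseline_paths - current_paths),
        "changed": sorted(p for p in baseline_paths & current_paths if baseline[p] != current[p]),
    }


def changed_lines(before: bytes, after: bytes) -> Tuple[List[str], List[str]]:
    """Return (removed_lines, added_lines) for a file whose hash changed, so the
    finding names the directive that moved rather than just the file."""
    old = before.decode("utf-8", "replace").splitlines()
    new = after.decode("utf-8", "replace").splitlines()
    removed, added = [], []
    for line in difflib.ndiff(old, new):
        if line.startswith("- "):
            removed.append(line[2:])
        elif line.startswith("+ "):
            added.append(line[2:])
    return removed, added


def build_findings(baseline_snap: Dict[str, bytes], current_snap: Dict[str, bytes]) -> List[dict]:
    """Produce one structured finding per drifted file, suitable for shipping to
    a SIEM or attaching to a monitoring report."""
    drift = detect_drift(fingerprint(baseline_snap), fingerprint(current_snap))
    findings = []
    for path in drift["changed"]:
        removed, added = changed_lines(baseline_snap[path], current_snap[path])
        findings.append({"path": path, "event": "changed", "removed": removed, "added": added})
    for path in drift["added"]:
        lines = current_snap[path].decode("utf-8", "replace").splitlines()
        findings.append({"path": path, "event": "added", "removed": [], "added": lines})
    for path in drift["removed"]:
        lines = baseline_snap[path].decode("utf-8", "replace").splitlines()
        findings.append({"path": path, "event": "removed", "removed": lines, "added": []})
    return findings


if __name__ == "__main__":
    # A monitoring run prints its findings as JSON; an empty list means the
    # configuration still matches the authorized baseline.
    print(json.dumps(build_findings(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT), indent=2))
```

Running the example reports three findings: `PermitRootLogin` flipped from `no` to `yes` in `sshd_config`, `/etc/sudoers` removed, and `/etc/cron.d/backup` added. The baseline hash map is what you would commit alongside the authorization package; a monitoring run that returns an empty finding list is the evidence that the configuration controls still hold.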
Why It Matters
Continuous monitoring is both a CMMC requirement and an RMF requirement: Monitor is the final step of the Risk Management Framework (NIST SP 800-37), and NIST SP 800-171, which CMMC Level 2 is assessed against, requires monitoring security controls on an ongoing basis to ensure their continued effectiveness (practice 3.12.3). Building automated monitoring into your operations reduces the manual effort of compliance and helps you catch security issues before they become breaches or audit findings.