Continuous Monitoring
What is Continuous Monitoring?
Continuous monitoring is an ongoing process of assessing and managing your security posture by tracking system changes, analyzing vulnerabilities, and evaluating compliance with security requirements.
In FedRAMP, continuous monitoring is a key requirement for maintaining an Authorization to Operate (ATO), ensuring that cloud service providers (CSPs) maintain their security controls over time. Through ongoing assessments and monthly reporting, CSPs can ensure their controls remain effective in light of new exploits and attacks, as well as planned and unplanned changes to their system and environment, and can make timely risk management decisions if the controls aren’t effective. The effectiveness of a CSP’s continuous monitoring capability factors into ongoing authorization and reauthorization decisions.