Continuous Monitoring
Continuous Monitoring Feature
This page contains information to assist our customers with utilizing the Continuous Monitoring feature in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.
What is it?
The Continuous Monitoring feature allows you to bulk assess controls as a unit and to report overall progress against meeting the assessment goals. Continuous Monitoring is a key component of implementing the NIST Risk Management Framework (RMF) and ensures compliance over time with control objectives.
Why would you use it?
There are many reasons to use this feature which include:
- To bulk schedule controls
- To view progress of control assessments as a unit
- To visualize progress against goals with an easy-to-use User Interface (UI)
What are the benefits?
This feature has multiple benefits for an organization; to include:
- Reduced manual data entry via bulk-scheduling
- Enhanced accountability by visualizing progress against goals
- Facilitates "sampling" approach to ensure coverage of a set percentage of control assessments based on a defined frequency
How do I use it?
Instructions for using this feature are provided below (NOTE: This feature is only available for Enterprise Edition (EE) customers):
Scheduling
- Select any Security Plan or Component and navigate to the data entry form for that record
- In the Utilities section on the left side, select the "Continuous Monitoring" by clicking the "Schedule" button
- The first step is to describe the Continuous Monitoring effort, give it a title, assign a lead assessor, and give instructions to the team
- Next, you set the schedule for the period that the continuous monitoring assessment should occur (when it begins and when it should end)
- Next, you add the controls that are in scope for the assessment. You can add all controls, by family, or one at a time
- Finally, review all controls and click the "Finalize" button to schedule the continuous monitoring assessment
Monitoring
- On the Security Plan or Component, navigate to the data entry form and click the Continuous Monitoring tab
- This will now display a list of scheduled assessments (both current and historical)
- Click "View Details" to view the status of the continuous monitoring assessment's progress
- At the top, it will show the percent compliant, overall control coverage, date range for the assessment, and percent complete
- Below the header, you will see each control and can directly complete the assessment (either manual assessment or via a Lightning Assessment)
- Keep completing assessments until the full scope of the continuous monitoring is complete
- Use the export "SAP/SAR" button to auto-generate OSCAL for the assessment
Updated about 1 year ago