Continuous Monitoring

ConMon for FedRAMP, FISMA and CMMC 2.0

Continuous monitoring and compliance with NIST SP 800-53 and CMMC 2.0 based requirements requires the timebound orchestration of management, remediation and reporting activities. stackArmor’s cloud security and compliance experts operate a 24/7 continuous monitoring and support to help organization’s easily comply with their obligations. The services provided support the full-stack and includes application security through OWASP compliant web scanning, security operations including vulnerability scanning, logging, monitoring and alerting. Our ThreatAlert(R) Security Workbench helps reduce the time and cost of continuous monitoring operations.

cATO and Continuous Monitoring   

stackArmor provides tailored ConMon reports with daily, weekly and monthly activities in compliance with the 58 plus controls identified by FedRAMP. stackArmor’s ConMon team works as an integrated unit with the client’s cloud team and is based in Washington DC. stackArmor’s dedicated US based Continuous Monitoring team delivers 24/7 alerting for NIST, DOD DISA, OWASP, FedRAMP and other Industry best practices and standards. The table below provides an overview of the threats and vulnerabilities included in the service.

Service Scope Description Frequency of Check/Scan
Security Operations Real-time monitoring and alerting of critical and high events for service integrity and availability. Continuous
Vulnerability Management Scans and reports operating system and application server vulnerabilities based on NIST CVE scores. Recommended at least monthly but could be more frequent
Container Security  Deep scan of container image for common vulnerabilities based on NIST CVE scoring. Recommended as part of the CI/CD pipeline
Operational Threats Aggregated collection of findings, co-relation analysis and reporting & remediation tracking. Continuous
Data Files Advanced intrusion detection to detect file integrity issues and report system intrusions. Continuous
Anti-Virus and Malware Scanning Integrated antivirus engine for detecting trojans, viruses, malware & other malicious threats. Continuous
POA&M, DR and Compliance Reporting Automated change management, incident tracking, inventory reporting, POA&M and Deviation Requests (DR) automation. Continuous

The service is constantly being enhanced and augmented to cover new types of threats and vulnerabilities to provide highly responsive and updated security coverage. Schedule a briefing with us to learn about the ThreatAlert(R) Security Workbench for reducing the time and cost of continuous monitoring and cATO capabilities.