Continuous Monitoring

Integrated services, best practices, and automation tools for continuous monitoring from the leader in federal cybersecurity and information assurance.  

Continuous monitoring of information systems has long been a policy goal for improving the security posture of federal networks. Achieving continuous monitoring requires a balanced combination of processes, people, and technologies to help agencies automatically detect and report vulnerabilities in the IT environment and maintain compliance with security controls.

These factors make Telos Corporation a logical choice for emerging continuous monitoring programs. We tailor our services and solutions for cybersecurity and information assurance to our customers’ specific technology and business environment – a key requirement for effective continuous monitoring.

Cybersecurity services: skills and experience count in continuous monitoring.

Telos has provided cybersecurity services to the DoD, the Intelligence Community, federal civilian agencies, and commercial business for more than 20 years.  Telos employs over 140 cybersecurity analysts and engineers, most holding major security certifications (CISSP, CISA, CISM, CCNA) with clearances up to TS-SCI, allowing us to work at the highest levels of security sensitivity. 

  Telos works with agencies to help them establish, implement, and maintain a continuous monitoring program in accordance with guidance from NIST SP 800-137:
  • Define continuous monitoring strategy;
  • Establish measures and metrics;
  • Establish monitoring and assessment frequencies;
  • Implement a continuous monitoring program;
  • Analyze data and report findings;
  • Respond with mitigating strategies, or transfer or accept risks; and
  • Review and update continuous monitoring strategy and program.
Our work is informed by relevant guidelines for continuous diagnostics and mitigation such as NIST’s Risk Management Framework (SP 800-37), SP-800-137, SP-800-39, and others.  Our staff’s professional qualifications, combined with over two decades experience in providing security services, demonstrate our ability to provide world-class security services to our customers.

Best-of-breed approaches and processes for continuous monitoring.

Telos adheres to established IT security processes and frameworks to ensure the continuous monitoring and management of security postures.  Our services and solutions reflect the recommendations of the NIST Risk Management Framework; the Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) model; the emerging FedRAMP requirements for assessing, authorizing and continuously monitoring cloud solutions, and others.

Automation tools to streamline processes for continuous monitoring and security risk assessment.

Human judgment is essential in sound cybersecurity assessment and monitoring. But automation tools can also streamline processes and help eliminate errors and oversights.  That’s why Telos’ risk management solutions support continuous monitoring and related activities with automation capabilities wherever they improve accuracy and efficiency. 

“Real‐time monitoring of implemented technical controls using automated tools can provide an organization with a much more dynamic view of the security state of those controls.”  NIST SP 800-137

Telos’ Xacta® IA Manager offers continuous compliance assessment capabilities that enable organizations to track the security state of a wide range of information systems on an ongoing basis and maintain the security authorization for the systems over time. Its elements work together to provide CISOs and other senior leaders with a dynamic view into the current status of security controls.

Its tightly integrated, complementary components include:

Xacta Continuum™: Organize your IT asset data and automate mapping of IT asset scans to the relevant controls.  Xacta Continuum automates the complex task of mapping the results from IT asset scans to the associated IA controls. It takes scans from disparate sources, correlates the results on the fly, and allows the analyst to view the results in an aggregated manner for side-by-side comparisons of tests from multiple sources.

Xacta HostInfo: Gather the information needed for security assurance.  This family of platform-specific executables collects and provides security-relevant configuration information to the Xacta Detect server for assessment. Xacta HostInfo also supports NIST SCAP-validated testing capabilities to determine compliance with FDCC and other XCCDF checklists.

Xacta Detect: Manages agent tasking and collects vulnerability and configuration data. Xacta Detect manages assets that have our Xacta HostInfo agent deployed on them. This allows our continuous monitoring suite to actively monitor those assets for security-relevant changes and passes that information to the Xacta Continuum™ console for further analysis to determine if the findings are associated and/or violate any security controls.

Xacta Continuous Monitoring Diagram

The elements of Xacta IA Manager work together to support continuous monitoring of your cybersecurity posture with continuous diagnostics and mitigation of vulnerabilities in your IT environment.