
Continuous Monitoring

Also known as: ConMon

The ongoing process of monitoring security controls to ensure they remain effective over time. Required by CA.L2-3.12.3.

Continuous monitoring is the ongoing process of observing the effectiveness of security controls to ensure they continue to operate as intended. NIST SP 800-171 requires it under CA.L2-3.12.3.

In practice, continuous monitoring includes periodic vulnerability scanning, ongoing log review, patch compliance tracking, MFA enforcement verification, account review cadences, training completion tracking, configuration drift detection, and any other recurring activity that confirms controls are still working.

The contractor documents the continuous monitoring strategy in the SSP and produces evidence of it during assessment.
