Office of the Chief Information Officer

United States Department of Agriculture

Continuous Monitoring

Service Description

Provide ongoing agency system security, vulnerability, and threat awareness. Categorize, select, implement and assess security controls. Support risk identification, management and mitigation as situations change. Support agency IT system Authorization to Operate (ATO) submissions. Monitor IT network, information, and system security.

What's Included

Functions of a managed security service include:

  • Select the appropriate security controls and the minimum assurance requirements for that system
  • Describe the IT system (including system boundary) and document the description in the security plan
  • Register the information system with appropriate organizational program/management offices
  • Identify the system-specific, hybrid and common security controls for agency information systems
  • Select the information system security controls
  • Develop a continuous monitoring strategy
  • Implement the security controls specified in the security plan
  • Assess security controls to determine if they are implemented correctly, operating as intended, and producing the desired outcome
  • Authorize IT system operation based on a determination of the risk resulting from IT system operation and the decision that this risk is acceptable

Monitor IT system security controls on an ongoing basis. Provide ongoing security control reporting.

How We Charge

The cost of this service is recovered based on the number of full-time employees (FTE) supported in your agency as a percentage of total departmental FTEs supported.

Service Level Metrics

Measure | Target SLA
System Monitoring | 24 x 7
Incident Response | 24 x 7
System Availability | 99.99% excluding planned downtime*

Cost Saving Tips

  • Provide lower total cost of information security ownership.
  • Allow agencies to focus resources on mission-critical business objectives.
  • Compliance with government regulations is provided through ongoing security monitoring.
  • A vendor-neutral approach supports the appropriate composition of security services by deploying market-based solutions from a wide variety of industry sources.

Additional Information

Services are in compliance with applicable standards from NIST (including SP 800-37), OMB, FIPS and GAO.