How to monitor security controls

Continuous Monitoring programs allows government agencies to maintain the security authorization of an information system over time while operating in an environment where systems adapt to changing threats, vulnerabilities, technologies and mission/business processes. Automated support tools are not required however risk management can become near real-time through the use of automated tools. This will help with potential security incidents associated with unexpected change on different core components and their configurations as well as provide ATO (Authorization to Operate) standard reporting.