Cont. Monitoring
Monitor networks and systems for cybersecurity events.
9 of 9 frameworks cover this control
Framework Mappings
How Cont. Monitoring maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | DE.CM-01 DE.CM-03 |
| ISO 27001 | Covered | A.8.15 A.8.16 |
| CIS v8 | Covered | CIS 8.2 CIS 8.5 CIS 8.11 |
| SOC 2 | Covered | CC7.1 CC7.2 |
| PCI DSS | Covered | 10.4.1 10.4.2 11.5.1 |
| CMMC | Covered | SI.L2-3.14.6 SI.L2-3.14.7 |
| 800-53 | Covered | CA-7 SI-4 |
| HIPAA | Covered | §164.312(b) |
| GDPR | Covered | Art.32(1)(d) |
About Cont. Monitoring
Cont. Monitoring is a cybersecurity control in the Detect domain. Monitor networks and systems for cybersecurity events. Continuous monitoring provides real-time or near-real-time awareness of the security state of networks, systems, and applications by collecting and analyzing security telemetry from multiple sources. This includes network traffic analysis, endpoint telemetry, cloud workload monitoring, and file integrity monitoring to detect unauthorized changes, policy violations, and indicators of compromise. Organizations should define monitoring use cases based on their threat model, establish baseline behavior for critical systems, and ensure monitoring coverage extends across on-premises, cloud, and remote work environments.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all ${FW_KEYS.length} frameworks.