Continuous monitoring – the process of consistently evaluating, measuring, monitoring, and reporting risk – is vital to informing the proper stakeholders about risk in order to better support risk management decisions. KCG understands how to support agencies in developing continuous monitoring approaches tailored to their missions, and in accordance with key National Institute of Standards and Technology (NIST) guidance. We bring to each engagement our proven best practices and a record of success helping our federal customers to implement continuous monitoring programs using the NIST Special Publication 800-37 guidance on the Risk Management Framework and NIST Special Publication 800-37 guidance on continuous monitoring. We also leverage a KCG-developed Continuous Monitoring Reference Architecture designed to identify the various capabilities and solutions interchangeably supporting a robust continuous monitoring program through automation.
KCG supplements these solutions by providing unparalleled technical expertise to analyze threat, vulnerability, and risk information in support of risk management. By combining these capabilities with our methodologies, we help agencies jump-start their activities and achieve a repeatable and consistent view of risk within their organization. We provide government agencies with the following support to build their continuous monitoring programs:
- Enterprise Security Controls Analysis
- Continuous Monitoring Strategy
- Continuous Monitoring Assessment Plan
- Threat, Vulnerability, and Risk Analysis
- Security Assessments
- Risk Reporting