CAP · Question #224
For which of the following reporting requirements are continuous monitoring documentation reports used?
The correct answer is A. FISMA. FISMA (Federal Information Security Management Act) explicitly requires federal agencies to implement continuous monitoring programs and submit annual security reports to OMB. Continuous monitoring documentation - including system status reports, control assessment results, and P
Question
For which of the following reporting requirements are continuous monitoring documentation reports used?
Options
- AFISMA
- BNIST
- CHIPAA
- DFBI
How the community answered
(56 responses)- A89% (50)
- B2% (1)
- C2% (1)
- D7% (4)
Explanation
FISMA (Federal Information Security Management Act) explicitly requires federal agencies to implement continuous monitoring programs and submit annual security reports to OMB. Continuous monitoring documentation - including system status reports, control assessment results, and Plan of Action & Milestones (POA&M) updates - is used to satisfy FISMA reporting obligations. NIST produces the standards and guidelines that support FISMA compliance, but is not itself a reporting requirement body. HIPAA governs healthcare data, and the FBI is a law enforcement agency, neither of which mandates continuous monitoring reports in this context.
Topics
Community Discussion
No community discussion yet for this question.