Where does the ConMon come from?

old.reddit.com / @/u/CostaSecretJuice, https://old.reddit.com/user/CostaSecretJuice

I’ve worked as an ISSO for a while, and im looking to get back into this line of work.

Ive gone through the quarterly ConMon checklist for the SAP I work in. But who actually writes the ConMon spreadsheet? Why are those controls selected? Is it written prior to the ATO by an ISSO/ISSM or is given to the program by the customer? Is it based on your Risk Assessment Report?

submitted by /u/CostaSecretJuice
[link] [comments]

published about 1 month ago


Previous

IATT
published about 1 month ago

Next

NIST 800-53/FedRAMP Audit Artifact Requests & Internal Q&A
published about 1 month ago
See all items from the same source