CivicActions / nebula


Continuous Monitoring improvements #111

Open gregelin opened 9 years ago

gregelin commented 9 years ago

This issue is for the improvement of continuous monitoring as per Question 32 in the Technical QA, which reads:

32. Question: Would the Government please clarify what is meant “continuous monitoring”? Is it security monitoring or performance or both?

Answer: Continuous Monitoring, as used by the federal government (see, e.g., https://cio.gov/protect/continuous-monitoring/) refers to a “risk management approach to cybersecurity that maintains an accurate picture of an agency’s security risk posture, provides visibility into assets, and leverages use of automated data feeds to quantify risk, ensure effectiveness of security controls, and implement prioritized remedies.”

The essential point here is "provides visibility into assets" and "use of automated data feeds".

gregelin commented 9 years ago

To demonstrate continuous monitoring, we created "ami-b7393887" in AWS region "us-west-2" using 18F's FISMA-READY Ubuntu-LTS to ensure our application deploys successfully on a host (e.g., server) automatically configured with security controls compatible with US Government baseline guidance.