Information Security Continuous Monitoring (ISCM)

ARL ISCM Team Contact Information

Government Lead - Akhilomen Oniha
Contact email - usarmy.adelphi.rdecom-arl.list.iscm@mail.mil
Contact phone - 301-394-2117 (M-F)

Current ARL CSSP subscribers can request access via https://lasso.arl.army.mil/cndsp_registration/index.php (CAC required, select your signature/email certificate)

ISCM Website: https://lasso.arl.army.mil/iscm (CAC Required, select your signature/email certificate)

ARL CSSP ISCM Page (includes ISCM User Guide): https://cndsp.arl.army.mil (CAC Required, select your identity certificate)

Information Security Continuous Monitoring Overview

The Army Research Laboratory's Cyber Security Service Provider subscribers and select other organizations can request access to ARL's Information Security Continuous Monitoring. Users of ISCM are able to access an enterprise-wide computer defense tool providing analysts and managers with an interface to assess the security posture of their systems.

ISCM allows users, including managers and commanders, to judge the current relative security risks posed to information systems.

Data sources include Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), the Interrogator XFLOW, Interrogator Snort alerts, Interrogator Incident Reports and the National Vulnerability Database. ISCM users should have basic knowledge of how to use the ACAS, HBSS and Interrogator tools.

The key to providing risk metrics at scale is the ability to integrate reports from the various security tools deployed across the network. Individual security tools monitor subsets of security controls. These tools do not provide an integrated picture of an organization's overall security status. In contrast, ISCM integrates data provided by a number of security tools deployed throughout the Army, including HBSS, ACAS, and ARL's intrusion detection system. ISCM enables situational awareness of information security, threats, and vulnerabilities. ISCM also provides a trending capability that allows users to compare the overall security picture for an organization across a range of dates.

ISCM Capabilities

Analysts can use ISCM to make informed and actionable risk management decisions by evaluating asset configuration compliance, and to support evaluating sites for Cyber Vulnerability Assessments and Information Security. Once normalized, this data provides a platform for creating and evaluating risk metrics at an enterprise scale.

The ISCM capability establishes "the on-going observation, assessment, analysis, and diagnosis of an organization's Cybersecurity posture, hygiene, and operational readiness" described in the 9.2 version of the Evaluators Scoring. ARL, as a certified and accredited CSSP and recognized research and development laboratory, is well postured to provide an ISCM solution and align it to operationally relevant needs.

ARL is integrating an ISCM solution in collaboration with representatives from the Defense Information Systems Agency, the National Security Agency, and the Department of Defense Chief Information Officer's office. This solution will provide the foundation for classification-agnostic analytics that will advise Army cyber security shaping efforts.

ARL's cloud-based analytics provide an enterprise view of risk within the data visualization framework under the Information Security Continuous Monitoring (ISCM) project. The analytics comprise a suite of mission-focused capabilities that provide Cyber Mission Forces with techniques for obtaining and maintaining situational awareness and conducting advanced cyber defense.

Here is a sampling of the capabilities that the ARL ISCM solution currently provides:

[Image: sampling of ARL ISCM solution capabilities]

Last Update / Reviewed: January 30, 2018