NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
This NIST publication addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance.