Is it the information system owner that is responsible for the continuous monitoring phase? Or is it just the responsible party, but others may be assigned to handle the phase?
The System Owner, though listed as the responsible party in NIST 800-37, does not do all the legwork in this phase. The ISSO updates implementation statements if need be and uploads artifacts for the Assessor to assess. The Assessor assesses the controls, reviews the implementation statement and passes or fails the control.
The ISSO then briefs the System Owner on the status of the continuous monitoring ("Sir/Madam, this is how many controls failed, this is how many passed"). The System Owner approves, is briefed before, during and after continuous monitoring, and signs any documents needed.
The NIST 800 Series, I saw it's from the U.S. Department of Commerce.
Is it a general series? Can it be used in Africa, Nigeria?
The NIST series can be used anywhere. It's basically best practices or guidelines.
What's the difference between CISSP and ISSO?
The CISSP is a professional cybersecurity certification, while ISSO is a job title.
Now, there is also an ISSO certification by Mile One, but it's more recognized in Canada.
What's new in the world of Cybersecurity?