08
ADVANCED
Continuous controls monitoring
Production system polling 52 controls hourly, scoring health, tracking drift, auto-generating evidence.
Overview
Replaces annual point-in-time audits with real-time continuous monitoring. Distributed agent architecture: agents evaluate controls against current infrastructure state hourly, score implementation strength, track drift over time, and alert on regressions.
Implementation
Each control maps to one or more evaluator functions. Agents run on EC2, poll control state, persist results to DynamoDB with timestamps, maintain a 90-day trend history, send SNS alerts on any PASS→FAIL transition, and automatically generate evidence bundles on schedule.
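The sweep loop described above, as an added illustration rather than the project's own code (the source repository is not yet published): a registry maps each control to evaluator functions, every evaluator scores a snapshot of infrastructure state, the minimum score decides PASS/FAIL, results are persisted with timestamps and trimmed to a 90-day window, and an alert fires only on a PASS to FAIL transition. The 0-100 scoring scale with a threshold of 70, the snapshot field names, and the in-memory store and list-based alert sink standing in for DynamoDB and SNS are all assumptions made for this example.

```python
import copy
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

PASS, FAIL = "PASS", "FAIL"
PASS_THRESHOLD = 70  # assumed: scores run 0-100, >= 70 counts as implemented

@dataclass
class Result:
    control_id: str
    status: str
    score: int
    observed_at: datetime

class InMemoryStore:
    """Stand-in for the DynamoDB results table: per-control rows, oldest first."""

    def __init__(self, retention_days: int = 90):
        self.retention = timedelta(days=retention_days)
        self.history: Dict[str, List[Result]] = {}

    def latest(self, control_id: str) -> Optional[Result]:
        rows = self.history.get(control_id)
        return rows[-1] if rows else None

    def put(self, result: Result) -> None:
        rows = self.history.setdefault(result.control_id, [])
        rows.append(result)
        # Trim to the 90-day trend window so history does not grow unbounded.
        cutoff = result.observed_at - self.retention
        self.history[result.control_id] = [r for r in rows if r.observed_at >= cutoff]

# An evaluator inspects a snapshot of infrastructure state and returns a 0-100 score.
Evaluator = Callable[[dict], int]

def eval_au9_log_integrity(state: dict) -> int:
    """AU-9 (audit protection): log-file validation and bucket versioning both on."""
    trail = state["cloudtrail"]
    return 100 if trail["log_file_validation"] and trail["bucket_versioning"] else 30

def eval_ac2_accounts(state: dict) -> int:
    """AC-2 (account management): every enabled IAM user has MFA; -40 per offender."""
    offenders = [u for u in state["iam_users"] if u["enabled"] and not u["mfa"]]
    return max(0, 100 - 40 * len(offenders))

def eval_sc28_encryption(state: dict) -> int:
    """SC-28 (protection at rest): every volume in the snapshot is encrypted."""
    volumes = state["volumes"]
    return 100 if volumes and all(v["encrypted"] for v in volumes) else 0

REGISTRY: Dict[str, List[Evaluator]] = {
    "AU-9": [eval_au9_log_integrity],
    "AC-2": [eval_ac2_accounts],
    "SC-28": [eval_sc28_encryption],
}

def evaluate_control(control_id, evaluators, state, now=None):
    """Score a control as the minimum over its evaluators: the weakest check decides."""
    now = now or datetime.now(timezone.utc)
    score = min(ev(state) for ev in evaluators)
    status = PASS if score >= PASS_THRESHOLD else FAIL
    return Result(control_id, status, score, now)

def run_sweep(registry, state, store, alert, now):
    """One hourly sweep. Returns (pass_count, fail_count, controls_that_drifted)."""
    passes, fails, drifted = 0, 0, []
    for control_id, evaluators in registry.items():
        previous = store.latest(control_id)
        result = evaluate_control(control_id, evaluators, state, now)
        store.put(result)
        if result.status == PASS:
            passes += 1
        else:
            fails += 1
        # Alert only on a PASS -> FAIL transition: a control already known to be
        # failing stays in the trend history but does not re-page every hour.
        if previous is not None and previous.status == PASS and result.status == FAIL:
            alert(f"{control_id} drift detected")  # the real system would publish to SNS
            drifted.append(control_id)
    return passes, fails, drifted

def demo():
    """Two consecutive sweeps over a constructed snapshot; AU-9 degrades in hour two."""
    store, alerts = InMemoryStore(), []
    t0 = datetime(2025, 4, 16, 8, 0, tzinfo=timezone.utc)
    healthy = {  # constructed sample state, not data from any real account
        "cloudtrail": {"log_file_validation": True, "bucket_versioning": True},
        "iam_users": [{"name": "alice", "enabled": True, "mfa": True}],
        "volumes": [{"id": "vol-1", "encrypted": True}],
    }
    first = run_sweep(REGISTRY, healthy, store, alerts.append, t0)
    degraded = copy.deepcopy(healthy)
    degraded["cloudtrail"]["log_file_validation"] = False  # validation switched off
    second = run_sweep(REGISTRY, degraded, store, alerts.append, t0 + timedelta(hours=1))
    return first, second, alerts

if __name__ == "__main__":
    print(demo())
```

Taking the minimum over a control's evaluators means one degraded check flips the whole control, which is the conservative choice for evidence generation; keying the alert on the transition rather than on the FAIL state is what keeps a long-standing failure from flooding the SNS topic while still recording it in every hourly row.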
Terminal output
[CCM] Hourly sweep started · 09:00Z
Controls in scope: 52
[AC-2] Account Mgmt PASS ✓
[AU-9] Audit Protection FAIL ✗ ← degraded
[SC-28] Encryption PASS ✓
[IA-5] Auth Mgmt PASS ✓
... (48 more)
Result: 49 PASS · 3 FAIL
ALERT → SNS: AU-9 drift detected
Evidence → s3://audit/2025-04-16/bundle.zip
Stack
Python · EC2 · DynamoDB · SNS · CloudWatch
Source code
Source repository in the works — check back soon.