08 ADVANCED

Continuous controls monitoring

Production system polling 52 controls hourly, scoring health, tracking drift, auto-generating evidence.

Overview

Replaces annual point-in-time audits with real-time continuous monitoring. Distributed agent architecture: agents evaluate controls against current infrastructure state hourly, score implementation strength, track drift over time, and alert on regressions.

Implementation

Each control maps to one or more evaluator functions. Agents run on EC2, poll control state, persist results to DynamoDB with timestamps, maintain a 90-day trend history, send SNS alerts on any PASS→FAIL transition, and automatically generate evidence bundles on schedule.
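The evaluator mapping and PASS→FAIL alerting described above, as an added example that is not the project's own code. The evaluator names, the state layout, and the in-memory `history` dict and returned alert list (standing in for DynamoDB and SNS) are assumptions.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # trend history window stated on the page

# Hypothetical evaluators: each inspects a snapshot of infrastructure state.
def log_bucket_versioned(state):
    return state["log_bucket"]["versioning"]

def log_bucket_denies_delete(state):
    return state["log_bucket"]["deny_delete_policy"]

def volumes_encrypted(state):
    return all(v["encrypted"] for v in state["volumes"])

# A control passes only if every evaluator mapped to it passes.
CONTROLS = {
    "AU-9": [log_bucket_versioned, log_bucket_denies_delete],
    "SC-28": [volumes_encrypted],
}

def sweep(state, history, now):
    """Evaluate all controls, record results, return PASS->FAIL alerts."""
    alerts = []
    for control_id, evaluators in CONTROLS.items():
        try:
            ok = all(fn(state) for fn in evaluators)
        except (KeyError, TypeError):
            ok = False  # missing or malformed state fails closed
        status = "PASS" if ok else "FAIL"
        records = history.setdefault(control_id, [])
        previous = records[-1][1] if records else None
        records.append((now, status))
        # Drop records that fall outside the retention window.
        history[control_id] = [r for r in records if now - r[0] <= RETENTION]
        if previous == "PASS" and status == "FAIL":
            alerts.append(f"{control_id} drift detected")
    return alerts

def demo():
    # Constructed sample state, not real infrastructure data.
    state = {"log_bucket": {"versioning": True, "deny_delete_policy": True},
             "volumes": [{"encrypted": True}]}
    history = {}
    t0 = datetime(2025, 4, 16, 8, 0, tzinfo=timezone.utc)
    first = sweep(state, history, t0)
    state["log_bucket"]["deny_delete_policy"] = False  # simulated regression
    second = sweep(state, history, t0 + timedelta(hours=1))
    third = sweep(state, history, t0 + timedelta(hours=2))  # still FAIL
    return first, second, third, history
```

Alerting on the transition rather than on the FAIL state keeps a control that stays broken from paging every hour, and treating an unreadable state as FAIL means a collection error surfaces as drift instead of a silent pass.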

Terminal output
continuous-controls-monitoring.py
[CCM] Hourly sweep started · 09:00Z
Controls in scope: 52
[AC-2] Account Mgmt PASS ✓
[AU-9] Audit Protection FAIL ✗ ← degraded
[SC-28] Encryption PASS ✓
[IA-5] Auth Mgmt PASS ✓
... (48 more)
Result: 49 PASS · 3 FAIL
ALERT → SNS: AU-9 drift detected
Evidence → s3://audit/2025-04-16/bundle.zip

Stack
Python · EC2 · DynamoDB · SNS · CloudWatch

Source code

Full implementation, tests, and documentation available on GitHub.
