The National Institute of Standards and Technology said the purpose of the guideline is to assist organizations in the development of a continuous monitoring strategy and implement a program that provides awareness of threats and vulnerabilities, visibility into organizational assets and information about the effectiveness of deployed security controls. NIST also unveiled the final release of SP 800-126 Revision 2, The Technical Specification for the Security Content Automation Protocol: SCAP Version 1.2. The SCAP consists of a suite of specifications for standardizing the format and nomenclature in which software flaw and security configuration information is communicated, to machines and humans.”]
Source: https://www.inforisktoday.com/continuous-monitoring-guidance-issued-a-4115