Continuous monitoring provides real-time visibility into security posture by continuously checking for vulnerabilities, misconfigurations, and unauthorized changes, rather than relying on point-in-time assessments.
FISMA requires continuous monitoring for federal systems. CDM (Continuous Diagnostics and Mitigation) is DHS's program for it. Contrast with annual pen tests: continuous monitoring gives ongoing visibility.