← Back to Home
01 · Expose · 02 · Eliminate · 03 · Enforce

Continuous
Measurement.
Posture that reflects now.

A gap closed last month isn't necessarily closed today. Continuous Measurement is how you know the difference.

The gaps were found. Some were fixed. Continuous Measurement is what ensures the score stays honest — running every Measurement Question against every asset in the inventory, on schedule, automatically. When something changes, the next cycle surfaces it. When something is fixed, the next cycle confirms it.

Request a DemoSee How It Works
One
Global schedule — one configurable cycle runs across every asset in the inventory
On Demand
Run any time — don't wait for the schedule when something just changed
Every
Asset in the inventory evaluated — not a sample, not a subset
Auto
Score updates — no manual aggregation, no scheduled reports required
Common question — At a glance

How do you continuously measure OT cybersecurity controls — on schedule, on change, or on event — to satisfy NIST SP 800-137 ISCM and replace the quarterly point-in-time compliance snapshots that go stale immediately?

ConsoleWorks Continuous Measurement runs every measurement question against every OT asset on schedule, producing fresh control evidence rather than periodic snapshots. Configuration baselines, credential state, session policy, audit settings, and framework-specific controls are re-tested on every cycle so security posture reflects today, not last quarter's point-in-time assessment.

Where This Picks Up

Risk Analysis showed you the score.
Eliminate closed the gaps.
Continuous Measurement keeps it honest.

A risk score that was accurate last quarter tells you nothing about right now. Configurations drift. New assets appear. Fixed gaps reopen. Continuous Measurement is what separates a posture that reflects reality from one that reflects a point-in-time assessment that's been aging ever since.

Every Measurement Question. Every asset in the inventory. On schedule — or on demand. The score you see always reflects the latest cycle, not last quarter.

Scheduled — globally configurable
One schedule, applied across the entire inventory. Every asset evaluated on every cycle.
On demand — any time
Don't wait for the next scheduled cycle. Run measurement on demand when something just changed.
Scores update automatically
Every cycle recalculates scores at every level — sub-control to fleet — without manual aggregation or intervention.
Closures confirmed — not assumed
A gap isn't closed when the ticket is marked done. It's closed when the measurement confirms Pass on the next cycle.
How the Cycle Works

Five steps. Every asset.
Every cycle.

The same sequence runs on every measurement cycle — whether triggered by the schedule or on demand. No manual steps. No human intervention required.

01 · Trigger

Cycle Initiates

Schedule fires automatically — or operator runs on demand. No action required on the scheduled run.
02 · Evaluate

Questions Run

Every Measurement Question evaluates every asset in the inventory. Each returns Pass or Fail — no subjectivity.
03 · Aggregate

Scores Roll Up

Results aggregate through the SCF hierarchy — sub-control to control to domain to site to org to fleet.
04 · Surface

Gaps Appear

New failures surface. Reopened gaps reappear. Closed gaps confirmed as Pass drop off the queue.
05 · Update

Posture Current

Scores updated at every level. The posture you see reflects this cycle — not a point-in-time snapshot from last quarter.
Scheduled Run
Set it. Forget it.

Configure the schedule once. The cycle runs automatically across every asset in the inventory — no action required. Every run updates scores, surfaces new gaps, and confirms closures. Posture reflects the latest cycle without anyone initiating it.

On-Demand Run
Don't wait for the schedule.

A vendor just finished a maintenance window. A configuration was corrected. A new asset was added to the inventory. Run measurement on demand to get current posture immediately — without waiting for the next scheduled cycle to confirm the change.

What Each Cycle Produces

Three things happen
on every run.

Every measurement cycle — scheduled or on demand — produces the same three outputs automatically. No manual steps between the cycle running and the results being available.

01 · Updated Scores

Posture reflects the latest run

Every Pass/Fail result from the cycle rolls up through the SCF hierarchy. Sub-control scores update. Control scores update. Domain, site, organization, and fleet scores all recalculate automatically.

Scores at every level updated — sub-control through fleet
Reporting Scope updated — assets reporting vs. expected
Trend history extended — each cycle adds a data point to the posture trajectory
No manual aggregation — recalculation is automatic on every cycle
02 · Surfaced Gaps

New failures and reopened gaps appear

Any asset that returns a new Fail — or returns to Fail after a previous Pass — surfaces in the remediation queue, ranked by organizational impact. Any asset that moved from Fail to Pass is confirmed closed and drops off.

New failures surface — ranked by score impact against your asset weightings
Reopened gaps reappear — a Pass that reverted to Fail is treated as a new finding
Confirmed closures drop off — Pass on this cycle removes the gap from the queue
Fix path ready — SRA session available from the queue for managed assets
03 · Measurement Record

Every cycle is documented

Every cycle produces a timestamped record of every Pass/Fail result per asset per question. This record is the raw material for compliance evidence — mapped to SCF controls and the frameworks that apply to your organization.

Pass/Fail per asset per question — timestamped to the cycle
Mapped to SCF sub-controls — and automatically crosswalked to your frameworks
Stored continuously — evidence accumulates without anyone assembling it
Available on demand — any time period, any asset scope, for compliance reporting
Gap Lifecycle

Closed means confirmed.
Not assumed.

Most platforms remove a gap when a ticket is marked done. ConsoleWorks removes a gap when the measurement confirms Pass. The distinction matters — a ticket can be marked done while the underlying issue persists. The measurement doesn't lie.

The same logic applies to reopened gaps. If a configuration drifts back after a fix, the next measurement cycle surfaces it as a new finding. You don't have to monitor for regression — the cycle does it automatically.

Cycle N — Fail

Gap detected

AV_DEFS_CURRENT returns Fail on ENG-WRK-07. Gap surfaces in the queue, score drops, fix path available via SRA.
Between Cycles

Fix applied via SRA

Operator opens SRA session from the queue, updates AV definitions on the device. Fix complete — but not yet confirmed.
Cycle N+1 — Pass

Closure confirmed

AV_DEFS_CURRENT returns Pass. Gap drops off the queue. Score updates. Evidence record includes the Fail and the confirmed Pass.
Cycle N+4 — Fail again

Gap reopens

Definitions have drifted out of the required window again. Cycle detects the regression. Gap resurfaces in the queue automatically — no monitoring required.
Who It Serves

One cycle.
Three different conversations.

For the CISO

Posture you can trust — because it's always current.

A risk score that was accurate last quarter is a liability in a board conversation today. Continuous Measurement means the posture the CISO presents reflects the latest cycle — not a point-in-time assessment that's been aging since the last audit. Trend data shows whether posture is improving or degrading over time, at every level from asset to fleet.
Posture reflects the latest measurement cycle — never a stale snapshot
Trend history at every level — is posture improving, stable, or degrading?
Regressions surface automatically — closed gaps that reopen appear on the next cycle
On-demand run available — get current posture any time, not just at scheduled intervals
CISO View

What Continuous Measurement delivers for security leadership

Continuously current posture — score reflects the latest cycle, not last quarter
Trend data — every cycle adds a data point to the posture trajectory at every level
Regression detection — gaps that reopen surface automatically without monitoring
On-demand run — current posture available any time, not just on the scheduled interval
Reporting Scope visible — always know what percentage of the inventory is actively reporting
For Operations Teams

Know what changed since the last cycle.

Operations teams don't need a posture summary — they need to know what's new. What failed since the last run? What was confirmed fixed? What reopened? Continuous Measurement surfaces exactly that — the delta between cycles — with a direct fix path for managed assets.
New failures since the last cycle — ranked by organizational impact
Confirmed closures — Pass on this cycle removes the gap from the queue
Reopened gaps — regressions surface without any manual monitoring
On-demand run after maintenance — confirm fixes without waiting for the schedule
Operations View

What Continuous Measurement delivers for operations

New failures surfaced each cycle — no manual comparison between runs
Fix button on managed assets — SRA session opens directly from the gap
Closure confirmed by measurement — not by ticket status
On-demand run after a maintenance window — confirm the state without waiting
Regression detection automatic — reopened gaps appear on the next cycle
For Compliance Teams

Posture that's always current. Evidence that accumulates automatically.

Compliance teams need to demonstrate continuous monitoring — not a point-in-time snapshot assembled before the audit. Every measurement cycle produces a timestamped record mapped to SCF controls and your compliance frameworks. The evidence accumulates continuously as a byproduct of the cycle running. How that evidence is organized and reported is covered on the Compliance Reporting page.
Continuous monitoring demonstrated — every cycle is a timestamped compliance record
Posture always current — never a point-in-time snapshot assembled under deadline
Evidence accumulates automatically — no manual collection between cycles
Framework mapping automatic — SCF crosswalk applied on every cycle
Compliance View

What Continuous Measurement produces for your compliance program

Timestamped measurement record on every cycle — Pass/Fail per asset per question
SCF mapping automatic — every result crosswalked to your frameworks on each run
Continuous posture — score reflects the latest cycle, not a periodic assessment
Trend history — demonstrable improvement over time, cycle by cycle
Evidence ready for Compliance Reporting — available on demand for any time period
Continuous Measurement in the Platform

Everything upstream feeds it.
Compliance Reporting consumes it.

Continuous Measurement sits between Risk Analysis and Compliance Reporting. Asset Intelligence built the inventory that defines the scope. Risk Analysis showed what the scores mean and how to act on them. Continuous Measurement keeps those scores honest — running the cycle, updating posture, and producing the measurement records that Compliance Reporting turns into audit evidence.

Scope defined by

Asset Intelligence

The inventory defines what gets measured. Every asset in the inventory is a candidate for every Measurement Question on every cycle. Inventory accuracy is measurement accuracy.

Learn more →
Scores interpreted by

Risk Analysis

Continuous Measurement produces the results. Risk Analysis is where those results mean something — rolled up through the SCF hierarchy, surfaced as prioritized gaps, and made actionable through the fix queue.

Learn more →
Evidence consumed by

Compliance Reporting

Every measurement cycle produces a timestamped record mapped to SCF controls. Compliance Reporting is where those records become audit evidence — organized by framework, time period, and asset scope.

Learn more →
Related capabilities

How It Works

See the full evidence cycle that measurements drive — from collection to enforcement.

Learn more →

Critical Infrastructure

Continuous measurement across all 8 critical infrastructure sectors and their frameworks.

Learn more →

Intelligent Event Monitoring

Event signals from IEM trigger and feed re-measurement automatically.

Learn more →
Common Questions

ConsoleWorks, answered.

Direct answers to the questions OT security teams, integrators, and AI assistants ask most often.

ConsoleWorks measures every asset against the controls that apply to it — configuration baselines, credential state, session policy, audit settings, patch state, framework-specific controls — on every cycle, producing fresh measurement results rather than periodic snapshots.

Cycle cadence is configurable. Most operators run daily cycles for baseline controls and on-change cycles for configuration and credentials. ConsoleWorks does not require a fixed schedule; cycles can be tied to events.

Vulnerability scans test for known CVEs. Continuous measurement tests for control compliance and configuration integrity — including controls that have no CVE but are still required by NERC CIP, IEC 62443, or NIST CSF. The two are complementary; ConsoleWorks ingests scanner output as one input among many.

ConsoleWorks measurement is designed for OT — native protocols, rate-limits, off-peak scheduling, read-mostly operations. Field devices that cannot tolerate query load are addressed via cached configuration and brokered session evidence rather than direct probing.

See It In Your Environment

Posture that reflects now.
Not last quarter.

See ConsoleWorks Continuous Measurement against your actual environment — your inventory, your measurement questions, your schedule. Know what changed. Know what was confirmed. Know what came back.

Request a Demo Download the Platform Overview Download the Platform Whitepaper