Cyber attacks against U.S. Federal information systems are relentless and increasingly sophisticated. The probability for grave damage continues to escalate despite the efforts and significant resources expended. The detection, analysis, and prioritization of cybersecurity vulnerabilities, threats, and the status of the effectiveness of cybersecurity protection measures is needed within minutes to reduce or eliminate compromise and the associated debilitating consequences. Information Security Continuous Monitoring (ISCM) leverages technology to evolve from compliance-focused cybersecurity to data-driven risk management. ISCM enables real-time or near-real-time cyber situational awareness to be responsive to the explosive rates of vulnerabilities, persistent threats, and determined enemies. Despite the promises of ISCM, Federal government agencies continue to face challenges in achieving effective ISCM. Therefore, as part of our ongoing research, in this paper we discuss the need for ISCM and its current status, analyze its challenges for cybersecurity, and propose the future strategies to leverage ISCM for cybersecurity.