Page History
...
A security impact analysis is conducted in the continuous monitoring phase after a system receives an ATO when the system is planning to undergo a significant change which may impact the security posture of the system. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, Revision 1, Guide for Applying the Risk 2, Risk Management Framework to Federal for Information Systems and Organizations: A Security A System Life Cycle Approach for Security and Privacy (Appendix F, Section F.6, Page F-8Pages 153-154) provides a general definition of what a significant change is and provides examples of what could be considered a significant change.
...