Page History
Systems enter the Continuous Monitoring Phase, Step 6 of the NIST Risk Management Framework (RMF), after achieving authorization to operate (ATO). The purpose of this phase is to provide oversight and monitoring of the security controls in the information system on an ongoing basis and to inform the Authorizing Official (AO) when changes occur that may impact the security of the system. CM consists of three tasks:
...