Computer Security Resource Center


Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management
June 03, 2014

NIST announces the release of Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management. This publication responds to Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, that directed NIST to publish guidance establishing a process and criteria for federal agencies to conduct ongoing assessments and ongoing authorization. This is the first of three major updates to NIST guidance supporting the Risk Management Framework and the full transition to ongoing authorization by employing best practices in information security continuous monitoring.

The second publication, an errata update to NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, will be released on June 10, 2014. This update will ensure that the Risk Management Framework (RMF) process is consistent with the new federal policy on ongoing authorization and tightly coupled to the emerging continuous monitoring activities within the federal government.

The third publication, NIST Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans, will be released as an Initial Public Draft in July 2014. This update will ensure that the security assessment procedures are consistent with the security controls in NIST Special Publication 800-53, Revision 4. In addition, to help facilitate ease of use for our customers, the revision number of SP 800-53A is being changed to Revision 4, to be consistent with the current revision number of SP 800-53.

Created December 21, 2016, Updated April 13, 2017