Dempsey, K.
, Ross, R.
and Stine, K.
(2014),
Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.06032014, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916095 (Accessed June 12, 2026)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management
Published
Author(s)
, Ron Ross,
Abstract
Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity and availability of Federal information and information systems," and directs NIST to "publish guidance establishing a process and criteria for agencies to conduct ongoing assessments and authorization." The following guidance clarifies and amplifies current NIST guidance on security authorization contained in Special Publications 800-37, 800-39, 800-53, 800-53A, and 800-137.Citation
OTHER -
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
Federal Information Security Management Act, Information Security Continuous Monitoring, Office of Management and Budget, Risk Management Framework, Ongoing Assessment, Ongoing Authorization
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created June 3, 2014, Updated May 7, 2026