Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

Kelley L. Dempsey; Ronald S. Ross; Kevin M. Stine

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

PUBLICATIONS

Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

Published

June 3, 2014

Author(s)

Kelley L. Dempsey, Ronald S. Ross, Kevin M. Stine

Abstract

Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity and availability of Federal information and information systems," and directs NIST to "publish guidance establishing a process and criteria for agencies to conduct ongoing assessments and authorization." The following guidance clarifies and amplifies current NIST guidance on security authorization contained in Special Publications 800-37, 800-39, 800-53, 800-53A, and 800-137.

Citation

OTHER -

NIST Pub Series

Other

Pub Type

NIST Pubs

Download Paper

DOI Link

Keywords

Federal Information Security Management Act, Information Security Continuous Monitoring, Office of Management and Budget, Risk Management Framework, Ongoing Assessment, Ongoing Authorization

Information technology and Cybersecurity

Created June 3, 2014, Updated January 27, 2020