FISMA & NIST RMF

Monitor Step (RMF Step 6)

The sixth step of the Risk Management Framework, in which the system owner sustains the authorization through continuous monitoring of selected controls, ongoing assessment, and configuration management. NIST SP 800-137 governs the design of the monitoring strategy, and modern implementations pursue Ongoing Authorization, in which a sustained monitoring program substitutes for the traditional three-year reauthorization cycle.
