(ISCM)/ Ongoing Authorization (OA)
- Risk Management Framework (RMF)
- Authorization-OA happens here and it is affected by the ISCM strategy define under Phase six of the RMF (continuous Monitoring)
- Continuous Monitoring
- FISMA is guided by OMB Circular A-130
- FISMA guidance on OA is stated in OMB Circular 14-04
- OA is fundamentally related to the ongoing understanding and ongoing acceptance of information security risk
http://csrc.nist.gov/publications/nistpubs/800-37- rev1/nist_oa_guidance.pdf