
3.7 MONITOR

Purpose

The purpose of the Monitor step is to maintain an ongoing situational awareness about the security and privacy posture of the information system and the organization in support of risk management decisions.

MONITOR TASKS

Table 8 provides a summary of tasks and expected outcomes for the RMF Monitor step. Applicable Cybersecurity Framework constructs are also provided.

TABLE 8: MONITOR TASKS AND OUTCOMES

| Tasks | Outcomes |
| --- | --- |
| TASK M-1: SYSTEM AND ENVIRONMENT CHANGES | The information system and environment of operation are monitored in accordance with the continuous monitoring strategy. [Cybersecurity Framework: DE.CM; ID.GV] |
| TASK M-2: ONGOING ASSESSMENTS | Ongoing assessments of control effectiveness are conducted in accordance with the continuous monitoring strategy. [Cybersecurity Framework: ID.SC-4] |
| TASK M-3: ONGOING RISK RESPONSE | The output of continuous monitoring activities is analyzed and responded to appropriately. [Cybersecurity Framework: RS.AN] |
| TASK M-4: AUTHORIZATION PACKAGE UPDATES | Risk management documents are updated based on continuous monitoring activities. [Cybersecurity Framework: RS.IM] |
| TASK M-5: SECURITY AND PRIVACY REPORTING | A process is in place to report the security and privacy posture to the authorizing official and other senior leaders and executives. |
| TASK M-6: ONGOING AUTHORIZATION | Authorizing officials conduct ongoing authorizations using the results of continuous monitoring activities and communicate changes in risk determination and acceptance decisions. |
| TASK M-7: SYSTEM DISPOSAL | A system disposal strategy is developed and implemented, as needed. |

Quick link to summary table for RMF tasks, responsibilities, and supporting roles.

