Latest revision as of 00:24, 20 January 2026

Ongoing assessment and authorization

Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information. See organizational information security continuous monitoring and automated security monitoring.

Source: CNSSI 4009-2015 | Category:

@@ Line 1: / Line 1: @@
 {{LanguageHeader|en}}
-{{CyberTerm|definition=Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information. See organizational information security continuous monitoring and automated security monitoring.|source=CNSSI 4009-2015}}
+{{CyberTerm|definition=Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
+Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.
+See organizational information security continuous monitoring and automated security monitoring.|source=CNSSI 4009-2015}}