Citation Edit

Office of Management and Budget, FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (OMB Memorandum M-11-33) (Sept. 14, 2011) (full-text).

Overview Edit

Rather than enforcing a static, three-year reauthorization process, agencies are expected to conduct ongoing authorizations of information systems through the implementation of continuous monitoring programs. Continuous monitoring programs thus fulfill the three-year security reauthorization requirement, so a separate re-authorization process is not necessary.