Which RMF step provides ongoing oversight after authorization?


Multiple Choice

Which RMF step provides ongoing oversight after authorization?

Explanation:
Ongoing oversight after authorization is achieved through continuous monitoring. In this RMF step, the focus is on keeping the system secure as it operates, not just at the point of approval. It involves regularly assessing the effectiveness of security controls, watching for changes to the system or its environment, tracking vulnerabilities and incidents, and ensuring configurations remain within the authorized boundary. It also includes reporting status to the authorizing official and triggering remediation or reauthorization when needed. Without this ongoing activity, the system could drift from its approved state as threats and changes occur.

Earlier steps set up the foundations: categorizing defines the risk level to determine baseline controls; selecting chooses and tailors those controls; authorizing grants permission to operate. These are pre- or at-authorization activities, whereas continuous monitoring provides the post-authorization oversight that keeps the authorization valid over time.
