In RMF, which artifact demonstrates ongoing compliance and remediation progress?

In RMF, ongoing compliance is shown through continuous monitoring and up-to-date artifacts that reflect current security posture and remediation activities. The set that includes monitoring results, an updated System Security Plan, SAR updates, and POA&M status provides a living view of how controls are performing and what remediation steps have been completed or are in progress. Monitoring results show current control effectiveness; the SSP documents the implemented controls and any changes; the SAR updates capture the latest assessment findings; the POA&M tracks outstanding remediation actions and milestones. Together, these artifacts demonstrate that the system remains compliant and that remediation is actively progressing. A hardware list doesn’t reflect control status, a vendor compliance certificate may not indicate ongoing posture, and a one-time risk assessment doesn’t show current remediation progress.