Which activity describes the ongoing assessment of security controls after initial authorization in RMF?

Continuous monitoring is the ongoing assessment and status tracking of security controls after a system has been authorized to operate. It ensures you stay aware of changes in the environment, newly discovered vulnerabilities, and whether controls continue to function as intended. This ongoing activity feeds into risk management decisions and helps maintain an up-to-date authorization status under RMF. The other items relate to the initial authorization: a Security Assessment Report documents findings from the assessment, Plan of Actions and Milestones outlines remediation steps, and Authorization to Operate is the formal decision to allow operation. By continuously monitoring, you detect and respond to risk changes in a timely way, not just at the point of initial authorization.