Good morning,
Let's have a discussion!
After an Authorization Package has completed the RMF Process and is in the Monitor Step, what are your ideas to make changes to earlier steps. It seems that the OOTB method is to back up through each step until you get where you need to be. For example, if you need to change the Impact, you need to be in the Categorize Step. But does anyone have ideas of how to do this without stepping backward through all the steps. I know we can manully add and retire controls, but a categorization change could affect many hundred controls. It seems that we should be able to change the categorization and step through only the records that need updating.
The same would go for changings to Overlays, Inheritance, or marking a control as common. It seems that there should be a way to do this without going back to Select. Going back to Select will retire everything and make you start clean, but if you are already in Monitor, having to rework everything seems counter-intuitive to Continuous Authorization.
I doubt there are any right or wrong answers here, so please share your thoughts.
