Description: Explains the general expectations for ongoing authorization of a federal information system that uses a FedRAMP Certified cloud service offering, especially collaborative continuous monitoring stuff - points to the CCM rules but doesn't quote them.

Purpose: Helps agencies know what the expectations are and where to find the explicit rules.

Edit: