Quality assurance should be performed throughout the project's life and can also be executed incrementally at specific points in the life cycle or be performed in a manner that is integrated into all project efforts.
ATO Package Review
Paying attention to detail and knowing what is irrelevant information versus significant information is key in making informed risk based decisions. The purpose of a security authorization package review is to implement a rigorous set of quality standards to ensure that applicable organization and NIST controls have been properly documented.
Information systems are in a constant state of change with upgrades to hardware, software, or firmware and modifications to the surrounding environments where the systems reside and operate. Getting assessments as accurate as possible should be a cornerstone to a robust continuous monitoring program.