Chapter 9

Risk Management Framework Steps 5 & 6

Information in this chapter:

• Preparing for System Authorization

• Tasks in RMF Step 5: Authorize Information System

• Tasks in RMF Step 6: Monitor Security Controls

The decision to authorize a system to operate is an indication that the security controls documented in the system security plan are adequate to satisfy the system’s requirements, supported by the results of security control assessments that validate the successful implementation and effectiveness of security controls. Authorizing officials consider security documentation and other information provided by system owners and common control providers that offer evidence regarding the security of their systems and the risk to the organization ...

Get FISMA and the Risk Management Framework now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.