Risk Management Framework Steps 5 & 6
Information in this chapter:
• Preparing for System Authorization
• Tasks in RMF Step 5: Authorize Information System
• Tasks in RMF Step 6: Monitor Security Controls
The decision to authorize a system to operate is an indication that the security controls documented in the system security plan are adequate to satisfy the system’s requirements, supported by the results of security control assessments that validate the successful implementation and effectiveness of security controls. Authorizing officials consider security documentation and other information provided by system owners and common control providers that offer evidence regarding the security of their systems and the risk to the organization ...