Chapter 13

RMF Phase 5

Authorizing the Information System

Abstract

This chapter introduces phase 5 of the RMF, the point when the authorizing official makes a determination to either approve or deny the system’s operation based on risk to the organization.

Keywords

authorizing official

approval to operate

ATO

denial of approval to operate

DTO

risk acceptance

risk executive (function)

Table of Contents

Chapter Overview and Key Learning Points

Phase 5, Task 1: Developing the Plan of Action and Milestones (POA&M)

Column 1: Type of Weakness

Column 2: Office or Organization Responsible for Resolving the Weakness

Column 3: Required Funding and the Source of the Funding

Column 4: Scheduled Completion Date

Column 5: Key Milestones and Milestone Completion ...

Get Risk Management Framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Risk Management Framework by James Broad

RMF Phase 5

Authorizing the Information System

Abstract

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly