Chapter 6

Roles and Responsibilities

Abstract

The evaluation and testing roles and responsibilities are defined here in detail for each test, evaluation, and authorization role in the RMF, to include the extra defined roles found in the DOD implementation of RMF.

Keywords

roles and responsibilities
system owner
authorizing official
security officer
security control assessor
The Risk Management Framework acknowledges that organizations have widely varying missions and organizational structures, so there may be differences in naming conventions for risk management-related roles and how specific responsibilities are allocated among organizational personnel (e.g., multiple individuals filling a single role or one individual filling multiple roles). ...

Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.