Chapter 6

Roles and Responsibilities


This chapter defines in detail the evaluation and testing roles and responsibilities for each test, evaluation, and authorization role in the RMF, including the additional roles defined in the DOD implementation of RMF.


roles and responsibilities
system owner
authorizing official
security officer
security control assessor

The Risk Management Framework acknowledges that organizations have widely varying missions and organizational structures, so there may be differences in naming conventions for risk management-related roles and how specific responsibilities are allocated among organizational personnel (e.g., multiple individuals filling a single role or one individual filling multiple roles). ...
