Chapter 6

Roles and Responsibilities


The evaluation and testing roles and responsibilities are defined here in detail for each test, evaluation, and authorization role in the RMF, including the additional roles defined in the DOD implementation of RMF.


roles and responsibilities
system owner
authorizing official
security officer
security control assessor
The Risk Management Framework acknowledges that organizations have widely varying missions and organizational structures, so there may be differences in naming conventions for risk management-related roles and how specific responsibilities are allocated among organizational personnel (e.g., multiple individuals filling a single role or one individual filling multiple roles). ...
