It is wrong always, everywhere and for everyone to believe anything upon insufficient evidence.85
W. K. Clifford, British Mathematician and Philosopher
In this chapter:
The package: SSP, POA&M, security control assessment summary, certification statement
Supporting evidence: system inventory, security control assessment plan, security assessment report, configuration management plan, continuity of operations/contingency plan, user guides, incident response plan, privacy impact assessment, interconnection agreements
In the previous chapters, we presented a process for approaching information system authorization ...