CHAPTER 10: AUTHORIZATION PACKAGE AND SUPPORTING EVIDENCE

It is wrong always, everywhere and for everyone to believe anything upon insufficient evidence.85

W. K. Clifford, British Mathematician and Philosopher

In this chapter:

The package: SSP, POA&M, security control assessment summary, certification statement

Supporting evidence: system inventory, security control assessment plan, security assessment report, configuration management plan, continuity of operations/contingency plan, user guides, incident response plan, privacy impact assessment, interconnection agreements

In the previous chapters, we presented a process for approaching information system authorization ...

Get The Definitive Guide to the C Transformation Process now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.