- Initial Authorization-Before the system is put into production (operation/maintenance phase). No assessment has been done before
- Ongoing authorization-Subsequent risk determination base on agreed events. OA is event driven
- Example of Events: New threat/vulnerability, increase number of weaknesses, change in Authorizing Official (AO), new business mission/requirement or significant operational or inventory change
- Re authorization is time driven, mostly three years after the initial authorization
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!