Authorization Q3

  • Initial Authorization-Before the system is put into production (operation/maintenance phase). No assessment has been done before
  • Ongoing authorization-Subsequent risk determination base on agreed events. OA is event driven
    • Example of Events: New threat/vulnerability, increase number of weaknesses, change in Authorizing Official (AO), new business mission/requirement or significant operational or inventory change
  • Re authorization is time driven, mostly three years after the initial authorization
error: Content is protected !!