Ongoing Authorization In Summary
- OA is event driven
  - Examples of events: new threat/vulnerability, increased number of weaknesses, change in Authorizing Official (AO), new business mission/requirement, or significant operational or inventory change
- OA is a dynamic, near-real-time ongoing authorization process, as opposed to a static, point-in-time authorization process
- OA is fundamentally related to the ongoing understanding and ongoing acceptance of information security risk
- OA is affected by the ISCM strategy defined under Phase six of the RMF (Continuous Monitoring)
- Conditions to implement OA
  - Initial Authorization needs to be completed
  - The organization needs to develop an Information Security Continuous Monitoring (ISCM) strategy (this document contains the events)
  - The ongoing authorization decision for a system needs to be formally documented by the authorizing official (example: within the ATO)