Risk Determination / Acceptance Q2
- After reviewing the Security Authorization Package, the Authorizing Official/designated representative makes a decision whether to issue:
- Authorize to Operate (ATO) letter-AO accept all risks associated with the system
- Interim Authorize to Operate letter-AO issue a conditional ATO pending system owner solving all POAM items within a specific period of time, usually 6 months
- Denial Authorization to Operate-AO do not issue ATO pending system owner solving all POAM items identified
- Authorize to Operate (ATO) letter- specify the time period within which the system is authorized to operate, and also specify the expiration date. Letter is signed by both System Owner and AO
- ATO is usually valid for a period of 3 years
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!