Security Control Authorization Phase 5
- Plan of Action and Milestone (POA&M)-Identifies vulnerability, resources, impact, recommendation and time needed to resolve identified vulnerabilities during the assessment phase. This is prepared by the C&A analyst and the system Owner.
- Security Authorization Package is reviewed by the AO to issue
- ATO Authorize to Operate (ATO) letter-AO accepts all risks associated with the system
- Interim Authorize to Operate letter-AO issues a conditional ATO pending system owner solving all POAM items within a specific period of time, usually 6 months
- Denial Authorization to Operate-AO does not issue ATO pending system owner solving all POAM items identified
- Security Authorization Package includes
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!