From the course: Implementing the NIST Risk Management Framework


Authorize: Risk analysis

Once you've completed your assessment of the security controls, as documented in your Readiness Assessment Report, System Security Plan, and Plan of Action and Milestones, you'll then take on the role of the authorizing official. The next step in the NIST Risk Management Framework is for this senior official to make a risk-based decision on whether to authorize the system to operate. The purpose of the NIST RMF Authorize step is to provide accountability by requiring a senior official to determine whether the security and privacy risk arising from operation of the system, or from use of common controls, is acceptable. There are five primary tasks in the Authorize step: assembling the authorization package, risk analysis and determination, risk response, the authorization decision, and lastly authorization reporting. The first task in the Authorize step is to compile and present the authorization package. The authorization package consists of all of the official reports and documents produced up to this point, including system and…
