Example of Event: New treat / vulnerability, increase number of weaknesses, change in Authorizing Official (AO), new business mission/requirement or significant operational or inventory change
OA is dynamic, near real-time ongoing authorization process as oppose to a static, point in time authorization process
OA is fundamentally related to the ongoing understanding and ongoing acceptance of information security risk
OA is affected by the ISCM strategy defined under Phrase six of the RMF (continuous Monitoring)
Condition to implement OA
Initial Authorization needs to be completed
The organization need to develop an Information Security Continuous Monitoring (ISCM) strategy (This document contains the events)
Ongoing authorization decision for a system needs to be formally documented by the authorization official (Example within the ATO)
Login
Accessing this course requires a login. Please enter your credentials below!