Term
|
Definition
- Authorizing Official (AO)
- Security Control Assessor (SCA)
- Information System Owner (ISO)
- Information System Security Manager (ISSM)
- Information System Security Officer
|
|
|
Term
| What are the Responsibilities of the Authorizing Official (AO)? |
|
Definition
| The AO ensures all appropriate RMF tasks are initiated and completed, with appropriate documentation, for assigned ISs and PIT systems; monitors and tracks overall execution of system-level POA&Ms; and promotes reciprocity. |
|
|
Term
| What are the Responsibilities of the Security Control Assessor (SCA)? |
|
Definition
| The SCA is the senior official with authority and responsibility to conduct security control assessments. |
|
|
Term
| What are the Responsibilities of the Information System Owner (ISO)? |
|
Definition
| In coordination with the information owner (IO), the ISO categorizes systems and documents the categorization in the appropriate JCIDS documents (e.g., CDD). |
|
|
Term
| What are the Responsibilities of the Information System Security Manager (ISSM)? |
|
Definition
| The ISSM maintains and reports IS and PIT systems assessment and authorization status and issues, provides ISSO direction, and coordinates with the security manager to ensure issues affecting the organization's overall security are addressed appropriately. |
|
|
Term
| What are the Responsibilities of the Information System Security Officer (ISSO)? |
|
Definition
| The ISSO is responsible for maintaining the appropriate operational security posture for an information system or program. |
|
|