a. Categorize the system and information it processes, stores, and transmits; b. Document the security categorization results, including supporting rationale, in the security plan for the system; and c. Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.
| ID | Name | Description | D3FEND | |
| CM0089 | Assessment & Authorization | The A&A process establishes the extent to which a particular design and implementation, meet a set of specified security requirements defined by the organization, government guidelines, and federal mandates into a formal authorization package. | ||
| ID | Description | |
| Requirement |
|---|
| ID | Name | Description | |
|---|---|---|---|