a. Categorize the system and information it processes, stores, and transmits; b. Document the security categorization results, including supporting rationale, in the security plan for the system; and c. Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.
ID | Name | Description | D3FEND | |
CM0089 | Assessment & Authorization | The A&A process establishes the extent to which a particular design and implementation, meet a set of specified security requirements defined by the organization, government guidelines, and federal mandates into a formal authorization package. |
ID | Description |
Requirement |
---|
ID | Name | Description |
---|