The [organization] shall develop and document program-specific security assessment and authorization policies and procedures.{CA-1}
|
|
The [organization] shall have policies that clearly describe the processes and methodologies for conducting security assessments, obtaining authorizations, and performing continuous monitoring activities.{CA-1}
|
|
The [organization] shall designate an authorizing official for the system.{CA-6}
|
These officials must be federal employees, and are responsible for reviewing the security authorization package, assessing the risks, and making the decision to authorize system operation. They shall ensure compliance with relevant organizational policies and standards and are accountable for the decision to accept the risks associated with operating the system. The authorizing officials must be empowered with the authority to oversee and enforce the implementation and maintenance of security controls in accordance with organizational requirements and applicable regulations.
|
The [organization] shall develop a security plan for the spacecraft.{SV-MA-6}{PL-2,PL-7,PM-1,SA-8(29),SA-8(30)}
|
|