With 205 Controls, 423 enhancements and 1,394 definitions, it's overwhelming! Lucky for you, ISL's Cyber Security Professionals are here to help.

Contact us so we can discuss what Cyber Security controls mean to your organization.

PM-10 : SECURITY AUTHORIZATION PROCESS

FAMILY: Program ManagementCLASS: Management

PM-10 : SECURITY AUTHORIZATION PROCESS

The organization:

a. Manages (i.e., documents, tracks, and reports) the security state of organizational information systems through security authorization processes;

b. Designates individuals to fulfill specific roles and responsibilities within the organizational risk management process; and

c. Fully integrates the security authorization processes into an organization-wide risk management program.

The security authorization process for information systems requires the implementation of the Risk Management Framework and the employment of associated security standards and guidelines. Specific roles within the risk management process include a designated authorizing official for each organizational information system. Related control: CA-6.
Control Enhancements:
References: NIST Special Publications 800-37, 800-39.
Priority and Baseline Allocation:
P1 LOW PM-10 MOD PM-10 HIGH PM-10