| 2.3.12-14-1 Ensure Security Authorization Package POA&M is properly updated |
Phase D1 |
Phase D2 |
Phase D3 |
|
Ensure the plan of action and milestones (POA&M) is prepared based on the findings and recommendations of the security assessment report excluding any remediation actions taken.
|
NA
|
NA
|
Guide for Applying the Risk Management Framework to Federal Information Systems, NIST SP 800-37
|
| 2.3.12-14-2 Ensure Security Authorization Package Security Assessment Report is properly updated |
Phase C |
Phase D1 |
Phase D2 |
Phase D3 |
|
Ensure the security authorization package is prepared and submitted to the authorizing official for adjudication. Ensure the Interim Authority To Proceed (IATT) and Approval To Operate (ATO) are available at the appropriate times.
|
AFMAN 63-119 A12.2.5
|
NA
|
Guide for Applying the Risk Management Framework to Federal Information Systems, NIST SP 800-37; AFMAN 63-119 or equivalent
|