U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects NIST Risk Management Framework About the RMF

NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Authorize Step

At A Glance

RMF Authorize Step

 

 

Purpose: Provide  accountability by requiring a senior official to determine if the security and privacy risk based on the operation of a system or the use of common controls, is acceptable.
 
Outcomes: 

  • authorization package (executive summary, system security and privacy plan, assessment report(s), plan of action and milestones)
  • risk determination rendered
  • risk responses provided
  • authorization for the system or common controls is approved or denied
     

Resources for Implementers

There are additional supporting publications for the Authorize Step.

 

Back to About the RMF

Contacts

NIST Risk Management Framework Team
sec-cert@nist.gov

Created November 30, 2016, Updated November 01, 2021