U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

authorization package

Abbreviation(s) and Synonym(s):

Definition(s):

  Documents the results of the security control assessment and provides the authorizing official with essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls. Contains: (i) the security plan; (ii) the security assessment report (SAR); and (iii) the plan of action and milestones (POA&M). Note: Many departments and agencies may choose to include the risk assessment report (RAR) as part of the security authorization package. Also, many organizations use system security plan in place of the security plan.
Source(s):
CNSSI 4009-2015 under security authorization package from NIST SP 800-37 Rev. 1

  See security authorization package
Source(s):
CNSSI 4009-2015

  The results of assessment and supporting documentation provided to the Designated Authorizing Official to be used in the authorization decision process.
Source(s):
NIST SP 800-79-2 under Authorization Package

  The essential information that an authorizing official uses to determine whether to authorize the operation of an information system or the provision of a designated set of common controls. At a minimum, the authorization package includes an executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones.
Source(s):
NIST SP 800-37 Rev. 2