Information Security Governance Papers
|
Paper Title
|
Security Accreditation29
|
|
The Abstract of The Paper
|
Provide the necessary security authorization of an information system to process, store, or transmit information that is required. This authorization is granted by a senior organization official and is based on the verified effectiveness of security controls to some agreed-upon level of assurance and on an identified residual risk to agency assets or operations. This process determines whether the remaining known vulnerabilities in the information system pose an acceptable level of risk to agency operations, agency assets, or individuals. Upon successful completion of this phase, system owners will either have authority to operate, interim authorization to operate, or denial of authorization to operate the information system.
|
|
Web Link
|
http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
|
Back To Information Security Governance Papers List