No separate contract is required. No sole source justification is required.
Given the ATO the information system is to operate in a particular security mode using a prescribed set of safeguards and function at an acceptable level of risk to the agency. Back to top.
In the Initiation Phase, the policy analyst OCIO analyzes the security documentation supporting the information system.
In the Initiation Phase we review or update the following documentation: This authorization package is reviewed by the Authorizing Official AO and a formal declaration of an information system accreditation is either granted as an Authorization to Operate ATO or ATO with conditions or outright denial of authorization to operate. Activities include: In the Initiation Phase we review or update the following documentation:.
The purpose of our assessment is to determine if the controls are implemented correctly, operating as intended and producing the desired control described in the System Security Plan.
Activities include:. ATO is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls.W5: What you may not know about 9-1-1 calls