UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

PM-10 SECURITY AUTHORIZATION PROCESS


Overview

Number Title Impact Priority Subject Area
PM-10 Security Authorization Process Program Management

Instructions
The organization:
PM-10a.
Manages (i.e., documents, tracks, and reports) the security state of organizational information systems and the environments in which those systems operate through security authorization processes;
PM-10b.
Designates individuals to fulfill specific roles and responsibilities within the organizational risk management process; and
PM-10c.
Fully integrates the security authorization processes into an organization-wide risk management program.
Guidance
Security authorization processes for information systems and environments of operation require the implementation of an organization-wide risk management process, a Risk Management Framework, and associated security standards and guidelines. Specific roles within the risk management process include an organizational risk executive (function) and designated authorizing officials for each organizational information system and common control provider. Security authorization processes are integrated with organizational continuous monitoring processes to facilitate ongoing understanding and acceptance of risk to organizational operations and assets, individuals, other organizations, and the Nation.

Enhancements