In this module, you explored Step 6, the authorization step of the Risk Management Framework. Authorization is the process by which a senior management official, the authorizing official (AO), reviews security-related information describing the current security posture of an information system, product, or service and uses that information to determine whether or not the mission/business risk of operating a system, product, or service is acceptable—and if it is, explicitly accepts the risk. The security-related information is presented to the AO in a security authorization package.You have been tasked to brief the manager/CFO or CEO of your company about authorizing your system, product, or service for operation. Create a two- to three-page white paper describing the items in your Plan of Action and Milestones, the overall risk of the system, whether or not you were able to mitigate the vulnerabilities. Finally, add your recommendation for an authorization decision. Discuss any noncompliant security controls, based on the findings and recommendations to correct noncompliant security controls; any initial remediation actions and long-term tasks laid out in Plan of Actions & Milestones.Create a two- to three-page paper, not including title or reference pages, describing:
- The items in your Plan of Action and Milestones,
- The overall risk of the system, and
- Whether or not you were able to mitigate the vulnerabilities.
- Finally, add your recommendation for an authorization decision.
- Discuss any noncompliant security controls, based on the findings and recommendations to correct noncompliant security controls as well as any initial remediation actions and long-term tasks laid out in Plan of Actions & Milestones.
Your paper must be double-spaced, use a standard 12-point font and standard margins. At least two APA formatted in-text citations are required plus appropriate references must be listed. (Note: No wiki or blog references are allowed). Your document should also be free of any spelling and/or grammatical errors. To understand how your work will be assessed, view the assignment scoring rubric.