Cyber Authorisation

From Glitchdata
Jump to navigation Jump to search

Authorisation Package is an information pack to assist CISO to approve Authority to Operate for a system. Usually includes:

The authorising officer could be more demanding and ask for more before they are convinced. Or they may see the business need for the system to be so high that they’re willing to authorise on less information. Again, this is why we can’t have universal declarations of a system being good for a particular classification. Interim or provisional authorisation doesn’t exist anymore. You either have a system that’s authorised, or it’s not. The authorisation could be constrained, and come with promises to implement changes in the future.