Cyber Authorisation
An Authorisation Package is an information pack that assists the CISO in approving Authority to Operate for a system. It usually includes:
- System security plan (SSP)
- Incident response plan (IRP)
- Continuous monitoring plan
- Security assessment report
- Plan of action and milestones
The authorising officer could be more demanding and ask for more before they are convinced. Or they may see the business need for the system to be so high that they’re willing to authorise on less information. Again, this is why we can’t have universal declarations of a system being good for a particular classification. Interim or provisional authorisation doesn’t exist anymore. You either have a system that’s authorised, or it’s not. The authorisation could be constrained, and come with promises to implement changes in the future.