home || catalog: SP800-53rev3 / class: Management / family: (PM) Program Management ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM

PM-01
PM-02
PM-03
PM-04
PM-05
PM-06
PM-07
PM-08
PM-09
PM-10 *
PM-11

PS
RA
SA
SC
SI
MMMMM

  PM-10: Security Authorization Process  

base control objective:
The organization:
a. Manages (i.e., documents, tracks, and reports) the security state of organizational information systems through security authorization processes;
b. Designates individuals to fulfill specific roles and responsibilities within the organizational risk management process; and
c. Fully integrates the security authorization processes into an organization-wide risk management program.

supplemental objective information:
The security authorization process for information systems requires the implementation of the Risk Management Framework and the employment of associated security standards and guidelines. Specific roles within the risk management process include a designated authorizing official for each organizational information system.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: org     MOD: org     HIGH: org  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for PM-10:

None.

Document Date Status Title

Search SP800-53rev3 catalog: