An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.
A.
Establishing and implementing the organization’s continuous monitoring program
B.
Ascertaining the security posture of the organization’s information system
C.
Determining the requirement of reauthorization and reauthorizing information systems when required
D.
Reviewing security status reports and critical security documents
Explanation:
An Authorizing Official plays the role of an approver. The responsibilities of an Authorizing Official are as follows:
Ascertains the security posture of the organization’s information system. Reviews security status reports and critical security documents.
Determines the requirement of reauthorization and reauthorizes information systems when required.Answer option A is incorrect. The Senior Agency Information Security Officer establishes and implements the organization’s continuous monitoring program.
What are the roles and responsibilities of a Senior Agency Information Security Officer? Hide
A Senior Agency Information Security Officer plays the role of a coordinator. The responsibilities of a Senior Agency
Information Security Officer are as follows:Establishes and implements the organization’s continuous monitoring program. Develops organizational guidance and configuration guidance for continuous monitoring of information systems and organization’s information technologies respectively. Consolidates and analyzes Plans of Action and Milestones (POAM) to decide organizational security weakness and inadequacy.
Develops automated tools to support security authorization and continuous monitoring. Provides training on the organization’s continuous monitoring process. Provides help to information system owners to develop and implement continuous monitoring.