Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Risk Management Framework RMF

Risk Management Framework (RMF) - Authorize Step

At A Glance

RMF Authorize Step



Purpose: Provide  accountability by requiring a senior official to determine if the security and privacy risk based on the operation of a system or the use of common controls, is acceptable.

  • authorization package (executive summary, system security and privacy plan, assessment report(s), plan of action and milestones)
  • risk determination rendered
  • risk responses provided
  • authorization for the system or common controls is approved or denied

Resources for Implementers

There are no additional supporting publications for the Authorize Step.


Back to About the RMF

Created November 30, 2016, Updated May 08, 2024