Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Risk Management Framework RMF

Project Links

Overview FAQs News & Updates Events Publications Presentations

Risk Management Framework (RMF) - Authorize Step

At A Glance

RMF Authorize Step

Purpose: Provide accountability by requiring a senior official to determine if the security and privacy risk based on the operation of a system or the use of common controls, is acceptable.

Outcomes:

authorization package (executive summary, system security and privacy plan, assessment report(s), plan of action and milestones)
risk determination rendered
risk responses provided
authorization for the system or common controls is approved or denied

Resources for Implementers

Supporting NIST Publications

There are no additional supporting publications for the Authorize Step.

Back to About the RMF

Contacts

NIST Risk Management Framework Team
sec-cert@nist.gov

Group

Security Engineering and Risk Management

Topics

Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations

Laws and Regulations: E-Government Act, Federal Information Security Modernization Act

Related Projects

Cybersecurity Framework
Cybersecurity Supply Chain Risk Management
Federal Cybersecurity & Privacy Forum
macOS Security
Open Security Controls Assessment Language
Operational Technology Security
Privacy Engineering
Protecting CUI
Systems Security Engineering (SSE) Project

Additional Pages

FISMA Background About the RMF Prepare Step Categorize Step Select Step Implement Step Assess Step Authorize Step Monitor Step SP 800-53 Controls SP 800-53 Release Search Downloads Control Catalog Public Comments Overview Public Comments: Submit and View Control Overlay Repository RMF Introductory Courses RMF Email List Meet the RMF Team RMF Presentation Request

Contacts

NIST Risk Management Framework Team
sec-cert@nist.gov

Group

Security Engineering and Risk Management

Topics

Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations

Laws and Regulations: E-Government Act, Federal Information Security Modernization Act

Related Projects

Cybersecurity Framework
Cybersecurity Supply Chain Risk Management
Federal Cybersecurity & Privacy Forum
macOS Security
Open Security Controls Assessment Language
Operational Technology Security
Privacy Engineering
Protecting CUI
Systems Security Engineering (SSE) Project

Created November 30, 2016, Updated April 10, 2024