Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Replace In some cases a definition will contain a numbered or bulleted list of elements. This most commonly occurs when a term is defined in an Authority Document. When adding a definition to the Compliance Dictionary replace any lists containing bullets or numbers with hyphens.

...

For example, in definitions you either write or find with hyphensthe term ‘security authorization package’ above (taken from NIST’s online glossary) you will notice that the definition contains a list. When entering this and similar definitions into the Compliance Dictionary change the numbers to hyphens. The new definition should read:

Documents the results of the security control assessment and provides the authorizing official with essential information needed to make a risk-based decision on whether to authorize operation of an information system or a designated set of common controls. Contains:

- the security plan;

- the security assessment report (SAR); and

- the plan of action and milestones (POA&M).

Note: Many departments and agencies may choose to include the risk assessment report (RAR) as part of the security authorization package. Also, many organizations use system security plan in place of the security plan.