Authorizing Official (AO) Handbook (CPE = 8 Hours)

Organization: CTI

Created by: Keith Frederick


This course provides an overview of the Authorizing Official (AO) role in the Risk Management Framework (RMF) process, discusses implications of performing AO duties and emphasizing RMF as a continuous process.  In addition, it provides guidance for analyzing the Security Authorization Package (SAP) and making the authorization decision.  It provides a means to protect the information system (IS), the information it processes, and thus, the Authorization Official from civil prosecution (or if appropriate military prosecution) by providing evidence of the AO’s intentions to manage the system’s risk.


AO Handbook Overview

  1. Introduction
  2. Terminology
  3. Threat, Vulnerability, and Risk
  4. Applicable Laws, Policies, Directives, and Standards
  5. Roles and Responsibilities
  6. Authorizing Official Challenges
  7. Risk Management Framework (RMF)
  8. RMF Phase I - Implementation
  9. RMF Phase II - Assessment
  10. RMF Phase III - Authorization
  11. RMF Phase IV - Continuous Monitoring

Download Sample Part 1 - Introduction-Demo.pdf ~ (61.56 MB)

Excel With eLeaP

Great Affordable Courses By Trusted Experts