>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SLC-06Information System Operation Authorization

>Control Description

Senior management authorizes the operation of new information systems, based on security and business requirements, prior to implementation. The information system authorization is refreshed every 3 years or when significant change occurs.

Theme

Process

Type

Preventive

Policy/Standard

Secure Development Lifecycle Policy

>Implementation Guidance

1. Ensure there is documented service lifecycle program which is updated on a need-to-know basis 2. Ensure there is a documented information system operation authorization which is approved by the senior management and updated once in every 3 years or on a need-to-know basis.

>Testing Procedure

1. Inspect the approval matrix for Service Lifecycle Program Management. 2. Inspect the approval matrix for Information System Operation Authorization by the authorized senior management to determine the operation of new information systems 3. Review the information system authorization is updated every 3 years or when significant changes occurs.

>Audit Artifacts

E-SLC-09
E-SLC-10

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

FedRAMP Rev 5
1

MA-06

TX-RAMP
1

MA-6

Ask AI

Configure your API key to use AI features.