Authorization Official. A decision-maker overseeing system certifications, responsible for formal acceptance or denial of risk in compliance packages. The Authorization official must be of a senior official, or rank able to accept the risk of an operational system on behalf of the organization. Within the DoD the AO is the Component head; PAO for MA- managed information systems. The term Authorization Official (AO) supersedes  the term Designated Accrediting Authority (DAA) as of 2012, and updated in 2014.

Applicability: Relevant in decision-making, system certifications, and risk acceptance and issues the Authority to Operate, Denial to Operate, Conditional Authority to Operate.

URL: NIST RMF Overview

DoDI 8510.01 DoD RMF

Chairman of the Joint Chief of Staff Instruction (CJCSI) 8410.02

Ignyte Platform becomes a third-party assessment organization (3PAO), now listed on the FedRAMP Marketplace - Read More