One must verify or expel his doubts, and convert them into the certainty of Yes or No.72
Thomas Carlyle, Scottish Essayist, Satirist, and Historian
In this chapter:
Assessing the security controls Developing the plan of action and milestones Authorizing the information system operation
The previous phase ended with the implementation of a set of security controls as defined in the system security plan. This phase begins with a review of the initial SSP and the independent assessment of the security controls and ends with a risk-based decision to either authorize or deny the operation of an information system.