SECURITY AUTHORIZATION - 5315.9

Introduction: The authorizing official(s) provide budgetary oversight for state entity information assets and assume responsibility for the mission/business operations supported by those systems.

Policy: Consistent with the State Information Management Principles, Record of Decisions (SAM section 4800), each state entity shall establish a documented security authorization method which tracks official management decisions authorizing the operation of information assets and explicit acceptance of risks based on implementation of agreed-upon information security measures. The state entity head shall assign senior-level executive(s) or manager(s) as the authorizing official(s).