Article 58 – Security Assessment and Authorization Policy
49150.4 Policy Directives
-
The department shall ensure that a plan for assessing security controls in department information assets is defined and documented. The plan shall include the following:
-
Roles and responsibilities for security assessments and authorization.
-
Assessments are integrated in life cycle processes and operational assessments, and identify weaknesses and deficiencies early in information asset acquisition, development, and integration processes.
-
Essential information needed to make risk management decisions as part of security authorization processes is provided to the defined risk decision makers.
-