Create an authorization package

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • After you have defined the authorization boundaries for the assets or systems to send through the Authorization to Operate process, you must create an authorization package for that purpose. The package is processed through the seven steps mandated by the RMF.

    Before you begin

    Role required: sn_irm_cont_auth.system_owner or sn_irm_cont_auth.admin

    Note:
    The roles are required for accessing the authorization package only after it has transitioned beyond the Prepare state.

    Procedure

    1. Navigate to All > Continuous Authorization & Monitoring > All Authorization Packages.
      Authorization packages
    2. Select New and then fill in the form.

      The settings are described in Fields on the Authorization Package form.

      Authorization package - new
    3. Select the Roles and Responsibilities tab and specify the responsibilities of various stakeholders during the review and approval process.

      The settings are described in Fields on the Roles and Responsibilities tab.

    4. Select the PTA/PIA tab and perform the Privacy Threshold Analysis by answering the questions.

      The PTA identifies whether various types of the Personal Identifiable Information (PII) exist in the systems being authorized.

      Privacy Threshold Analysis/Privacy Impact Assessment
    5. If you answered No to all of the questions, you are not required to take a Privacy Impact Analysis and can select Submit.
    6. If you answered Yes to any of the questions, you must take a Privacy Impact Analysis.
      1. In the Assessment respondents field, select the lock icon and select the users you want to take the assessment.
      2. When you have selected the respondents, select the lock icon again.
      3. Select Submit.
        The assessment request notification is sent to the selected respondents.
      4. When the PIA has been completed, the assessment responses appear in a related list in the Authorization Package form.
    7. Select the Notes and Comments tab to add any customer-facing notes to the package.
    8. Select Categorize to transition the package to the next step