Download:
pdf |
pdfU.S. Department of Homeland Security
Washington, DC 20528
October 30, 2019
MEMORANDUM FOR:
Melton Roland
System Owner
FROM:
Lytwaive Hutchinson
Chief Information Officer
SUBJECT:
Authorization Decision for Emergency Notification System
1. As the Authorizing Official (AO), I hereby grant an Authority to Operate (ATO) for the operation
and connection of Emergency Notification System that has an overall risk rating of LOW. This
authorization is granted based on the information provided by the security assessment conducted on
October 21, 2019.
2. This ATO will expire three (3) years from the date of issuance, October 30, 2022. The system
MUST be re-authorized prior to the expiration date or the system may by disconnected.
Additionally, recertification and authorization are required if: (1) there are significant modifications
to the system which alter or impact the security controls, authorization boundary, or architectural
design; (2) any additional risk identified during the continuous monitoring process deemed to be
unacceptable.
3. System Owners are required to ensure the items listed below are accomplished:
a. Compliance with all published Department of Homeland Security (DHS) and FEMA
Cybersecurity policy requirements. Failure to comply with requirements can result in the
ATO being withdrawn.
b. Document all vulnerabilities (critical, high, moderate and low) within the system security
Plan of Action and Milestones (POA&M) and DHS Information Assurance Compliance
System (IACS).
c. POA&M timelines that support this ATO decision must be remediated in accordance with
their assigned scheduled completion date. Failure to meet POA&M requirements can result
in the ATO being withdrawn.
d. The system owner must brief the status of the security authorization POA&M to the Chief
Information Security Officer (CISO) monthly.
4. For system re-authorization, System Owners should follow the vulnerability remediation
requirements outlined in the memorandum, Vulnerability Remediation Standard for Granting an
ATO, dated July 10, 2019.
�Authorization Decision for Emergency Notification System
5. My point of contact for this memorandum is, the Deputy CISO, Amber Pearson,
[email protected], (202) 212-7339.
LYTWAIVE L HUTCHINSON
Lytwaive Hutchinson
Chief Information Officer
Digitally signed by LYTWAIVE L HUTCHINSON
Date:
Date2019.11.13 14:53:36 -05'00'
2
�
| File Type | application/pdf |
| File Title | Facsimile Transmission |
| Author | CT-Home |
| File Modified | 2019-11-13 |
| File Created | 2019-10-30 |