Oversight and Governance
OG-WRL-013

Systems Authorization

Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation.

  • T0495: Manage Accreditation Packages (e.g., ISO/IEC 15026-2)
  • T1019: Determine special needs of cyber-physical systems
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1022: Review enterprise information technology (IT) goals and objectives
  • T1023: Identify critical technology procurement requirements
  • T1036: Integrate leadership priorities
  • T1038: Integrate organization objectives in intelligence collection
  • T1107: Evaluate functional requirements
  • T1232: Approve accreditation packages
  • T1305: Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
  • K0640: Knowledge of the organizational cybersecurity workforce
  • K0644: Knowledge of cybersecurity operation policies and procedures
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0685: Knowledge of access control principles and practices
  • K0686: Knowledge of authentication and authorization tools and techniques
  • K0691: Knowledge of cyber defense tools and techniques
  • K0692: Knowledge of vulnerability assessment tools and techniques
  • K0698: Knowledge of cryptographic key management principles and practices
  • K0710: Knowledge of enterprise cybersecurity architecture principles and practices
  • K0711: Knowledge of evaluation and validation principles and practices
  • K0720: Knowledge of Security Assessment and Authorization (SA&A) processes
  • K0721: Knowledge of risk management principles and practices
  • K0723: Knowledge of vulnerability data sources
  • K0728: Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
  • K0729: Knowledge of non-repudiation principles and practices
  • K0730: Knowledge of cyber safety principles and practices
  • K0734: Knowledge of Risk Management Framework (RMF) requirements
  • K0735: Knowledge of risk management models and frameworks
  • K0736: Knowledge of information technology (IT) security principles and practices
  • K0743: Knowledge of new and emerging technologies
  • K0746: Knowledge of policy-based access controls
  • K0747: Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0760: Knowledge of server diagnostic tools and techniques
  • K0761: Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques
  • K0767: Knowledge of structured analysis principles and practices
  • K0778: Knowledge of enterprise information technology (IT) architecture principles and practices
  • K0784: Knowledge of insider threat laws and regulations
  • K0785: Knowledge of insider threat tools and techniques
  • K0791: Knowledge of defense-in-depth principles and practices
  • K0800: Knowledge of evidence admissibility laws and regulations
  • K0803: Knowledge of supply chain risk management principles and practices
  • K0819: Knowledge of import and export control laws and regulations
  • K0820: Knowledge of supply chain risks
  • K0821: Knowledge of federal agency roles and responsibilities
  • K0828: Knowledge of supply chain risk management standards and best practices
  • K0834: Knowledge of technology procurement principles and practices
  • K0838: Knowledge of supply chain risk management policies and procedures
  • K0839: Knowledge of critical infrastructure systems and software
  • K0859: Knowledge of encryption tools and techniques
  • K0870: Knowledge of enterprise architecture (EA) reference models and frameworks
  • K0871: Knowledge of enterprise architecture (EA) principles and practices
  • K0877: Knowledge of application firewall principles and practices
  • K0878: Knowledge of network firewall principles and practices
  • K0879: Knowledge of industry cybersecurity models and frameworks
  • K0880: Knowledge of access control models and frameworks
  • K0892: Knowledge of cyber defense laws and regulations
  • K0915: Knowledge of network architecture principles and practices
  • K0917: Knowledge of Personally Identifiable Information (PII) data security standards and best practices
  • K0918: Knowledge of Payment Card Industry (PCI) data security standards and best practices
  • K0919: Knowledge of Personal Health Information (PHI) data security standards and best practices
  • K0942: Knowledge of cryptology principles and practices
  • K0948: Knowledge of embedded systems and software
  • K0955: Knowledge of penetration testing principles and practices
  • K0956: Knowledge of penetration testing tools and techniques
  • K0962: Knowledge of targeting laws and regulations
  • K0963: Knowledge of exploitation laws and regulations
  • K0983: Knowledge of computer networking principles and practices
  • K0990: Knowledge of cyber operations principles and practices
  • K1014: Knowledge of network security principles and practices
  • K1050: Knowledge of critical information requirements
  • K1077: Knowledge of data security controls
  • K1079: Knowledge of web application security risks
  • K1084: Knowledge of data privacy controls
  • S0396: Skill in forecasting requirements
  • S0397: Skill in assessing requirements
  • S0398: Skill in analyzing organizational objectives
  • S0406: Skill in developing policy plans
  • S0414: Skill in evaluating laws
  • S0415: Skill in evaluating regulations
  • S0416: Skill in evaluating policies
  • S0430: Skill in collaborating with others
  • S0432: Skill in coordinating cybersecurity operations across an organization
  • S0439: Skill in identifying external partners
  • S0447: Skill in aligning privacy and cybersecurity objectives
  • S0465: Skill in identifying critical infrastructure systems
  • S0466: Skill in identifying systems designed without security considerations
  • S0497: Skill in developing client organization profiles
  • S0515: Skill in identifying partner capabilities
  • S0686: Skill in performing risk assessments
  • S0801: Skill in assessing partner operations capabilities
  • S0807: Skill in solving problems