Fields on the Authorization Package form

  • Release version: Australia
  • Updated March 12, 2026

    After you have defined the authorization boundaries for the assets or systems to send through the Authorization to Operate process, you must create an authorization package for that purpose. The package is processed through the seven steps mandated by the RMF.

    Authorization Package

    Field | Description
    Number | Auto-generated authorization package number.
    Name | A name for the package.
    Acronym | If needed, an acronym for identifying the package.
    Missions/Business processes | The appropriate business process for this authorization package. Business processes are defined on the ServiceNow AI Platform; for example, at Policy & Compliance > Scoping > Business Processes.
    Active | Activate the authorization package.
    Step | The RMF step currently assigned to the package.
    Authorization boundary | The authorization boundary for this package.
    System purpose | The purpose behind this authorization package.
    800-53 version | The NIST version for the authorization package.

    Roles and Responsibilities

    CAM roles that are required for particular tasks are listed in CAM user roles.

    User / Role | Description
    System owner | The individual responsible for procuring, developing, integrating, modifying, operating, and maintaining an information system.
    Authorizing Official (AO) | The individual responsible for accepting an information system into an operational environment at a known risk level. Typically, this person is at the CISO or deputy CISO level.
    Authorizing Official Designated Representatives (AODR) | One or more AODRs.
    Security Control Assessors (SCA) | The individuals responsible for conducting a thorough assessment of the controls of an information system.
    Information System Security Managers (ISSM) | The individuals responsible for conducting information system security management activities as designated by the ISSO.
    Information System Security Officers (ISSO) | The individuals responsible for ensuring that the appropriate operational security posture is maintained for an information system.
    Information owners | The individuals responsible for statutory, management, and operational authority.
    System users | The users responsible for performing the actual work on the system.