Risk Management Framework (RMF) step 5 - Authorize the authorization package

  • Release version: Zurich
  • Updated October 13, 2025
  • 1 minute to read

    • Request final approval to operate, download the Authority to Operate report granting privileges, and set next authorization and engagement dates to define the validity of the package.

    Before you begin

    Role required: sn_irm_cont_auth.system_owner, sn_irm_cont_auth.info_system_sec_officer, sn_irm_cont_auth.authorization_official, sn_irm_cont_auth.info_system_sec_manager, sn_irm_cont_auth.admin

    Before you authorize the authorization package the system owner must review and document any POA&M issues, change requests, and vulnerable items that potentially threaten your systems.

    Procedure

    1. When the review is complete for an authorization package in the Access state, select Authorize.
    2. You can select Generate Report(s) to generate a FedRAMP System Security Plan (SSP) document for the authorization package in PDF format.Authorizing the Authorization Package
    3. When you’re satisfied that all is in order, select Request Approval.
      An approval request is sent to the Authorizing Official, who will access My Approvals from the navigation pane and review the information in the package. When the approval is received, the package transitions to the Monitor state.