Fields on the Authorization Boundary form

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read

    • An authorization boundary defines the scope of a particular system that can be continuously managed and monitored using the CAM application.

    Table 1. Authorization Boundary form
    Field Description
    Name A unique and descriptive name for this boundary.
    Description A description for this boundary.
    Operational status Option to set the status of the boundary manually or auto-populate. The operational status:
    • Under development
    • Reauthorize
      The system automatically updates the operational status from Operational to Reauthorize based on:
      • When the Next Authorization Date selected in the authorization package is within the number of days given in the CAM system property.
      • sn_irm_cont_auth.days_before_boundary_reauthorizes configured in the system properties. The default value is 180 days. To update the value navigate to All > sys_properties.LIST. Enter sn_irm_cont_auth.days_before_boundary_reauthorizes in the filter search bar. Open the record and update the Value.
    • Operational

      Auto-populated when the active Authorization Packages get authorized and moves from Authorize to Monitor state.

    • Decommissioned
    Mission critical Option to set the boundary as mission-critical.
    System owner The individual responsible for procuring, developing, integrating, modifying, operating, and maintaining an information system.
    Information owners The individuals responsible for statutory, management, and operational authority.
    System users Responsible for performing the actual work on the system.
    Diagrams If needed, or if you don’t have a Configuration Management Database (CMDB), add data flow, network, and boundary diagrams.
    Boundary type Option to set the type of the boundary. The types are as follows.
    • GSS: General Support System (GSS) is a collection of connected IT resources managed together, including hardware, software, data, applications, and people.
    • Major app: An application that handles sensitive information and requires special security oversight due to the high risk if the data is lost, misused, or accessed without authorization.
    • Minor app: An application that needs security protection but has lower risk than a major application. Minor applications are typically included as part of a general support system.
    • Sub system: A major component of a larger information system that performs specific functions.
    • Closed system: A self-contained system that operates only within your organization and doesn’t connect to external systems.
    Classification Option to set the classification of the boundary. The types are as follows.
    • Confidential: Lowest level of classified information that requires protection from unauthorized disclosure.
    • Secret: Mid-level classified information that requires substantial protection and restricted access.
    • Top secret: Highest level of classified information that requires maximum protection and stringent access controls.
    • Sensitive but unclassified: Non-classified information that requires protection due to its sensitive nature such as personal, proprietary, or business-sensitive data).
    • CUI: Controlled unclassified information (CUI) requires specific safeguarding and handling per federal regulations or policies.