In the NIST SP 800-37 rev2, the AO is responsible for assessor selection and plan and also for risk analysis and risk response, and then finally the authorization decision. Isn't this a conflict of interest?
[link] [comments]
AO's role in RMF seems like a conflict of interests
old.reddit.com / @/u/thehermitcoder, https://old.reddit.com/user/thehermitcoder
submitted by /u/thehermitcoder
[link] [comments]
published 6 months ago
See all items from the same source