The resulting Contract will be available for mandatory use by Executive Branch agencies (collectively “Authorized User”). The goal of the contract is to implement an Enterprise GRC solution that will: Manage state agencies authorization of information systems. Document the granting of authorizations including Authority to Operate (ATO) and Authority to Use (ATU), by agency’s Authorizing Official (AO) as they accept the risk of operations of assessed systems. Authorizations involve comprehensive identification, selection, implementation, testing, and evaluation of security controls of information systems. Address software and hardware security safeguards; considers procedural, physical, and personnel security measures; and establishes the extent to which a particular design (or architecture), configuration, and implementation meets a specified set of security requirements throughout the life cycle of the information system. Streamline policy, compliance, risk management, auditing, incident management, and vendor oversight processes.
