Training for Application Owners
An application owner is the individual or group responsible for ensuring that the program or programs that make up the application accomplish the specified objective or set of user requirements established for that application, including appropriate security safeguards.
This training session serves a diverse group of individuals and organizations in both the public and private sectors including, but not limited to, individuals with:
- System development life cycle responsibilities (e.g., program managers, mission/business owners, information owners/stewards, system designers and developers, system/security engineers, systems integrators);
- Acquisition or procurement responsibilities (e.g., contracting officers);
- System, security, or risk management and oversight responsibilities (e.g., authorizing officials, chief information officers, chief information security officers, system owners, information security managers); and
- Security assessment and monitoring responsibilities (e.g., auditors, system evaluators, assessors, independent verifiers/validators, analysts).
1 ACCESS CONTROL
2 AWARENESS AND TRAINING
3 AUDIT AND ACCOUNTABILITY
4 CONFIGURATION MANAGEMENT
5 IDENTIFICATION AND AUTHENTICATION
6 INCIDENT RESPONSE
8 MEDIA PROTECTION
9 PERSONNEL SECURITY
10 PHYSICAL PROTECTION
11 RISK ASSESSMENT
12 SECURITY ASSESSMENT
13 SYSTEM AND COMMUNICATIONS PROTECTION
14 SYSTEM AND INFORMATION INTEGRITY
The above roles and responsibilities can be viewed from two distinct perspectives: the Government perspective as the entity establishing and conveying the security requirements in contractual vehicles or other types of inter-organizational agreements; and the nongovernment perspective as the entity responding to and complying with the security requirements set forth in contracts or agreements.