You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 12, 2018. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<p>Whoever owns a government information system must accept the risk of operating that system. Most 18F engagements, regardless of business unit, require us to operate an information system for some period of time: whether in alpha, beta, or fully live status. For Federal teams that support the mission of other Federal agencies, it can sometimes be unclear who must accept this risk. At 18F, we require that all of our partners agree that for systems operated by 18F 18F will enforce a risk management framework and will grant the system’s authority to operate (ATO) based on 18F standards. If the system is transferred to the partner at later date, they will then need to issue a new ATO. This agreement provides the necessary clarity on roles and responsibilities for the system.</p>
<p>I, [NAME], the Authorizing Official for [DEPT/AGENCY DIVISION/TEAM], hereby accept 18F/GSA’s authority to accept the risk of operating information systems under 18F/GSA’s control and created as a result of Interagency Agreement [NUMBER]. 18F/GSA’s authority is to determine the level of risk, select controls, test the system, grant an authority to operate, and to ensure compliance with all relevant laws and regulations.</p>
<p>18F/GSA will work independently to receive an authority to operate and will bear responsibility of technical work associated with the process.</p>
<p>A Requesting Agency Designated Official signs this document.</p>
