The sample (PDF) provided is intended to provide an example of the content that would be captured in an attestation or authorization document for the results of a security assessment. The names, documents, and timeframes referenced in the sample text below would be tailored by the agency to their policy and needs (e.g., replacing the bracketed, blue text). The basic elements of this type of attestation or authorization include:
- Providing written statement of risk acceptance
- Providing terms and conditions of the attestation or authorization to include required actions for mitigation
- Providing a date for termination of the attestation or authorization at which point a new attestation/authorization would need to be issued
An explanation of these key elements is provided to the agency in the bracketed text [example] to guide the completion of the self attestation/authorization.