CA-6: Authorization

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  07/20/2023 

Review Date:  06/26/2024 

The Tarleton Chief Information Officer (CIO) has delegated authorization to operate Tarleton information resources to information resource owners and other applicable leadership within the Office of Innovative Technology Solutions (OITS).    

• Information resource owners or their designees are responsible for ensuring that authorized resources satisfy business needs.  
• The information resource owners will assist the relevant ITS personnel in helping ensure that authorized resources comply with security, privacy, and accessibility laws and policies.  
• An information resource owner must be identified for each information system. 
  • Information resource owners are accountable for security, privacy, and accessibility risks associated with the operation and use of the information systems under their authority.  
  • The information resource owner, with assistance from applicable OITS personnel, including, but not limited to Tarleton’s Chief Information Security Officer (CISO), is responsible for ensuring that the applicable authorizing official has approved the information system before beginning operation and when major changes are made to the information system, as needed. 

---

References/Additional Resources

None.  See any applicable internal procedures.