TASK C-1
System Description
Document the characteristics of the system.

• System Owner

• Authorizing Official or Authorizing Official Designated Representative
• Information Owner or Steward
• System Security Officer
• System Privacy Officer

TASK C-2 Security Categorization Categorize the system and document the security categorization results.

• System Owner
• Information Owner or Steward

• Senior Accountable Official for Risk Management or Risk Executive (Function)
• Chief Information Officer
• Senior Agency Information Security Officer
• Authorizing Official or Authorizing Official Designated Representative
• System Security Officer
• System Privacy Officer

TASK C-3 Security Categorization Review and Approval Review and approve the security categorization results and decision.

• Authorizing Official or Authorizing Official Designated Representative
• Senior Agency Official for Privacy (for systems processing PII)

• Senior Accountable Official for Risk Management or Risk Executive (Function)
• Chief Information Officer
• Senior Agency Information Security Officer