Register the system with organizational program or management offices.
Potential Inputs: Organizational policy on system registration; system information.
Expected Outputs: Registered system in accordance with organizational policy. Primary Responsibility: System Owner.
Supporting Role: Mission or Business Owner; Chief Information Officer; System Security Officer; System Privacy Officer.
System Development Life Cycle Phase: New – Initiation (concept/requirements definition). Existing – Operations/Maintenance.
Discussion: System registration, in accordance with organizational policy, serves to inform the governing organization of plans to develop the system or the existence of the system; the key characteristics of the system; and the expected security and privacy implications for the organization due to the operation and use of the system. System registration provides organizations with a management and tracking tool to facilitate bringing the system into the enterprise architecture, implementation of protections that are commensurate with risk, and security and privacy posture reporting in accordance with applicable laws, executive orders, directives, regulations, policies, or standards. As part of the system registration process, organizations add the system to the organization-wide system inventory. System registration information is updated with security categorization and system characterization information upon completion of the Categorize step.