The Business Owner is responsible for the successful operation of the system and is ultimately accountable for system security. The Business Owner defines the system’s functional requirements, ensures that Security Accreditation (previously referred to as Certification and Accreditation [C&A]) activities are completed, maintains and reports on the Plan of Action & Milestones (POA&M), and ensures that resources necessary for a smooth assessment are made available to the (Assessment Contractor). During the assessment process, the Business Owner shall be available for planning sessions, interviews, system discussions, providing documentation, and providing assistance when necessary (access, contacts, decisions, etc.). In some cases, the Business Owner may be the System Owner.
