a.
Assigns a senior-level executive or manager as the authorizing official for the information system;
b.
Ensures that the authorizing official authorizes the information system for processing before commencing operations; and
c.
Updates the security authorization [Assignment: organization-defined frequency].