An Automated Information System (AIS) is a system of computer hardware, computer software, data, and/or telecommunications that performs functions such as collecting, processing, storing, transmitting, and displaying information.
Program Managers (PM) for acquisitions of AIS applications are responsible for coordinating with organizations that will host (run) the applications early in the acquisition process. The PM needs to address operational security risks which the AIS may impose upon the organization, as well as identifying all system security needs that may be more easily addressed by organizational services than by system enhancement.
The baseline Information Assurance (IA) Controls serve as a common framework to facilitate this process. The Designated Approving Authority for the organization receiving an AIS application is responsible for incorporating the IA considerations for the AIS application into the enclave’s Information Assurance Plan (ISP). The burden for ensuring that an AIS application has adequate assurance is a shared responsibility of both the AIS application PM and the Designated Approving Authority for the hosting organization; however, the responsibility for initiation of this negotiation process lies clearly with the PM. PMs should, to the extent possible, draw upon the common IA capabilities that can be provided by the hosting organization. [1]
Major Automated Information System (MAIS)
A Major Automated Information System (MAIS) is an acquisition program for an Automated Information System.
AcqLinks and References:
Updated: 7/19/2021
Rank: G2.4