In assessing federal agencies, what key document must be re-authorized every three years?

The Information System Security Authorization is pivotal for federal agencies as it serves as a formal, documented approval that provides the authority to operate a system based on an acceptable level of risk. This authorization is crucial for ensuring that the agency's information systems comply with various security requirements and regulations.

The re-authorization process occurs every three years to reflect changes in the system, its environment, or the threat landscape. This periodical review ensures that the security controls remain effective and that risks are continuously managed. It also validates that the agency is up to date with the most recent standards and practices in information security, maintaining integrity and trust in the systems used by the federal government.

While the other documents listed play important roles in the overall security framework, they do not specifically require a re-authorization every three years in the same standardized manner as the Information System Security Authorization does.