(5) Service Authorization - This step represents the formal
acceptance of the stakeholders on the identified risks
involved in the adoption of the service and the agreed on
mitigations. The security plan and security assessment plan
are the security SLA among the involved parties.