CERTIFICATION AND ACCREDITATION

All federal agencies in the United States are required to have their IT systems and infrastructure certified and accredited. This certification and accreditation process is more informally known as C&A.

Background and Purpose

Title III of the E-Government Act (Public Law 107-347) entitled Federal Information Security Management Act (FISMA) requires that all federal agencies develop and implement an agency-wide information security program designed to safeguard IT assets and data of the respective agency. FISMA is specific in its requirements and it stipulates that the information security program must include documentation and reports that clearly describe:

FISMA forces federal agencies to understand the security of their systems and holds them accountable for resolving deficiencies. The methodologies that have evolved to address FISMA compliance for the federal agencies are very beneficial to many other institutions in assessing the security of their own systems.

Methodologies

The three methodologies generally used for C&A are:

Defense Information Technology Systems Certification and Accreditation Process (DITSCAP). It is based on a publication known as the Defense Information Systems Certification and Accreditation regulation, Department of Defense (DoD) 5200.40. DITSCAP is used only for defense agencies, but civilian agencies may opt to apply DITSCAP principles.

National Information Assurance Certification and Accreditation Process (NIACAP). It is based on a process published by the National Security Telecommunications and Information System Security Instruction known as NSTISSI No. 1000.

National Institute of Standards and Technology (NIST) C&A methodology, described in a document known as Special Publication 800-37. This methodology is being embraced by most of the agencies and institutions for their C&A.

All three methodologies take into consideration the entire system, network, and application lifecycle from a security standpoint. In short, the C&A process is a manual audit of policies, procedures, controls, and contingency planning.


Copyright 2021 AMZNET LLC. All rights reserved