Certification and Accreditation
Certification and Accreditation is a term used within the federal government sector to identify the process of achieving compliance with the Federal Information Security Management Act (FISMA). The public, Department of Defense, health care, legal, and financial sectors require similar “certification” processes. Regardless of sector, the outcome of each of these “audit” processes is the same: security certification and accreditation are important activities that support a risk management process and are an integral part of an agency’s information security program. First, let’s explore the meaning of the two terms:
- Certification - The Certification Phase consists of two tasks:
  - security control assessment; and
  - security certification documentation.

  The purpose of this phase is to determine the extent to which the security controls in the information system are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
- Accreditation - The Security Accreditation Phase consists of two tasks:
  - security accreditation decision; and
  - security accreditation documentation.

  The purpose of this phase is to determine if the remaining known vulnerabilities in the information system (after the implementation of an agreed-upon set of security controls) pose an acceptable level of risk to agency operations, agency assets, or individuals.
Each of the above-mentioned topic areas will be covered within the coming months to assist people in identifying the mandated requirements of infrastructure security and the application of “due care” and “due diligence”.

The Certification and Accreditation by James Scholz, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.