Certification And Accreditation
Sponsored Listings from TermPapersMonthly.com
Submitted by hrpaperstacks on 12/12/2010 03:22 PM Flag This Paper
Join Now- Category:
- Technology
- Words | Pages:
- 1333 | 6
- Views:
- 182
-
Certification And Accreditation
The Certification and Accreditation exercise is essential for proper Federal Information Security Management Act (FISMA) reporting of systems and applications. The intention of the FISMA is to elevate the security of United States Government information systems. Previously, each agency had its own idea of certification and accreditation. All agencies are now accountable at the exact same level. Agency management and project teams should be aware of the development of the Certification and Accreditation package. When all essential personnel are involved in C & A, it is easier to correctly document the complete enterprise. Every device in the enterprise must be represented. Firewalls are vital security devices that provide the protection of the outer layer for the enterprise environment.
A general support system is an information resource under the influence or control of similar functionalities. Using a template will ensure consistency. For any general support system or major application, the certification and accreditation procedures must function in the same manner. The Certification and Accreditation (C & A) Guide for the Enterprise will become a repeatable process when the procedures become second nature. Every governmental department, bureau and agency is responsible for conducting certification efforts.
Certification is through an assessment of the technical and non-technical security features. Accreditation is management’s decision by a senior agency official to authorize operation of an information system. Accreditation is also the decision of management to accept the risk to the agency for the operation of an information system. The signing official should have the authority over the budget and business of the information system. Required by OMB Circular A-130, Appendix III, accreditation provides a form of quality control and challenges managers and technical staffs at all levels to implement the most effective security controls possible in an...