CERTIFICATION AND ACCREDITATION
All federal agencies in the United States are required to have their IT systems and infrastructure certified and accredited. This certification and accreditation process is more informally known as C&A.
Background and Purpose
Title III of the E-Government Act (Public Law 107-347), entitled the Federal Information Security Management Act (FISMA), requires that every federal agency develop and implement an agency-wide information security program designed to safeguard the agency's IT assets and data. FISMA is specific in its requirements: it stipulates that the information security program must include documentation and reports that clearly describe
a security plan
information security policies and procedures
an assessment of threats and vulnerabilities, including their likelihood and impact
an evaluation of the technical, management, and operational security controls
periodic testing and review of the security policies and controls
procedures for reporting and responding to security incidents
security awareness training
contingency plans to ensure business continuity in the face of a disaster
FISMA forces federal agencies to understand the security of their systems and holds them accountable for resolving deficiencies. The methodologies that have evolved to address FISMA compliance in the federal agencies are also very useful to many other institutions in assessing the security of their own systems.
Methodologies
The three methodologies generally used for C&A are:
DITSCAP
NIACAP
NIST
Defense Information Technology Systems Certification and Accreditation Process (DITSCAP). It is based on the Defense Information Systems Certification and Accreditation regulation, Department of Defense (DoD) 5200.40. DITSCAP is used only by defense agencies, but civilian agencies may opt to apply DITSCAP principles.
National Information Assurance Certification and Accreditation Process (NIACAP). It is based on a process published as National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 1000.
National Institute of Standards and Technology (NIST) C&A methodology, described in NIST Special Publication 800-37. This methodology is the one most agencies and institutions are adopting for their C&A.
All three methodologies take the entire system, network, and application lifecycle into consideration from a security standpoint. In short, the C&A process is a manual audit of policies, procedures, controls, and contingency planning.
Copyright © 2021 AMZNET LLC. All rights reserved