An introduction to certification and accreditation for new accreditors

Author
Stauffer, Natalie
Date
2003-06
Advisor
Burke, Karen
Rasmussen, Craig
Abstract
The certification process can be defined as a comprehensive evaluation of all security features, both technical and nontechnical, of an information system. This process ensures that the system design and implementation meet a distinct set of prescribed security requirements. The accreditation of a system ensures that networks, applications, and operating systems that make up the system are running at an acceptable level of risk. The Designated Approving Authority (DAA) is responsible for deciding what systems to approve for accreditation, and assumes the responsibility for running the accredited system at an accepted level of risk. This analysis of the certification and accreditation process stresses the vital aspects of the process that are of special concern to the DAA. The mission drives the process, and influences the ultimate accreditation decision. The DAA must understand the fundamental aspects of the certification effort, and be able to weigh factors such as the funding, time, and other resources available for the effort, as well as understand the scope of the system as a whole. This thesis covers the vital aspects of certification and accreditation, and provides the new DAA with a guide to the process.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items
Showing items related by title, author, creator and subject.
- A Program for Education in Certification and Accreditation
  Rasmussen, Craig W.; Irvine, Cynthia E.; Dinolt, George W.; Levin, Timothy E. (DARPA DISCEX Conference, April 2003, 2003-04-00)
  Large complex systems need to be analyzed prior to operation so that those depending upon them for the protection of their information have a well defined understanding of the measures that have been taken to achieve ...
- Metric methodology for the creation of environments and processes to certify a component : specifically the Naval Research Laboratory Pump
  Rich, Ronald P.; Holmgren, Jonathan S. (Monterey, California. Naval Postgraduate School, 2003-06)
  A of the NP, but the key requirement for Certification and Accreditation is the creation of a Protection Profile and an understanding of the DITSCAP requirements and process. This thesis creates a Protection Profile for ...
- An approach to vulnerability assessment for Navy Supervisory Control and Data Acquisition (SCADA) system
  Hart, Dennis (Monterey, California. Naval Postgraduate School, 2004-09)
  The unfortunate events of September 11, 2001 have caused a renewed effort to protect our Nation's Critical Infrastructures. SCADA systems are relied upon in a large number of the sectors that make up the critical infrastructure ...