An introduction to certification and accreditation for new accreditors
The certification process can be defined as a comprehensive evaluation of all security features, both technical and nontechnical, of an information system. This process ensures that the system design and implementation meet a distinct set of prescribed security requirements. The accreditation of a system ensures that the networks, applications, and operating systems that make up the system are running at an acceptable level of risk. The Designated Approving Authority (DAA) is responsible for deciding which systems to approve for accreditation, and assumes the responsibility for running the accredited system at an accepted level of risk. This analysis of the certification and accreditation process stresses the vital aspects of the process that are of special concern to the DAA. The mission drives the process and influences the ultimate accreditation decision. The DAA must understand the fundamental aspects of the certification effort and be able to weigh factors such as the funding, time, and other resources available for the effort, as well as understand the scope of the system as a whole. This thesis covers the vital aspects of certification and accreditation, and provides the new DAA with a guide to the process.
Approved for public release; distribution is unlimited