[...] PUBLISHED BY Syngress Publishing, Inc., 800 Hingham Street, Rockland, MA 02370. FISMA Certification & Accreditation Handbook. Copyright © 2007 by Syngress Publishing, Inc. All rights reserved. [...] Islands, and the Cook Islands.

Author

Laura Taylor is Director of Security Certification and Accreditation [...]

[...] compliance, and certification and accreditation with best-of-breed tools to provide effective security solutions to customers in the public and private sectors. Matt uses his experience as a network administrator, IT manager, and security architect to deliver high-quality solutions for Project Performance Corporation’s clients. Currently, he is supporting the US Patent and Trademark Office’s Certification and Accreditation [...]

[...]
Chapter 1 What Is Certification and Accreditation? 1
Introduction 2
Terminology 3
Audit and Report Cards 6
A Standardized Process 7
Templates, Documents, and Paperwork 8
Certification and Accreditation Laws Summarized 9
Summary [...]
[...] 46
C&A Handbook Development 46
What to Include in Your Handbook 47
Who Should Write the Handbook? [...]

[...] chapters. Chapter 1 (What Is Certification and Accreditation?) explains what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed. A brief history and chronology of the mandated laws will be included in the discussion. Chapter 2 (Types of Certification and Accreditation) includes descriptions of [...] DITSCAP, and DCID 6/3. Chapter 3 (Understanding the Certification and Accreditation Process) explains the logical steps that one goes through to prepare for a C&A audit/review. It also explains the roles and responsibilities of the audit/review team, including the role of the reviewers, the accrediting authority, and the federal auditors/inspectors. Chapter 4 (Establishing a Certification and Accreditation [...] to collect and have on hand in order to prepare your C&A review (e.g., the organizational security policies and procedures and the security organization structure). Information on whether to outsource the C&A review or do it in-house is also provided. Chapter 6 (Preparing the Hardware and Software Inventory) includes a sample of a C&A asset inventory and how one should go about developing it and putting [...]

Chapter 1: What Is Certification and Accreditation?

[...] chapter:
■ Terminology
■ Audit and Report Cards
■ A Standardized Process
■ Templates, Documents, and Paperwork
■ Certification and Accreditation Laws Summarized

Introduction

Certification and Accreditation is a process that ensures that systems and major applications adhere to formal and established security [...] documented and authorized. Informally known as C&A, Certification and Accreditation is required by the Federal Information Security Management Act (FISMA) of 2002. All systems and applications that reside on U.S. government networks must go through a formal C&A before being put into production, and every three years thereafter. Since accreditation is the ultimate output of a C&A initiative, and a system [...] systems, banking and financial systems, and agricultural and food and water supply systems, to name only a few. The entire C&A process is really nothing more than a standardized security audit, albeit a very complete standardized security audit. Having worked in both private industry and on government networks, my experience indicates that, contrary to what you read in the news, most private and public companies [...]

[...] Package. The Certification Package consists of a review and analysis of applications, systems, or a site—basically whatever it is that the agency wants accredited. New applications and systems require accreditation before they can be put into production, and existing applications and systems require accreditation every three years. Each agency shall develop, document, and implement an agency-wide information security [...]

[...] to information security than they did previously. In 2002, FISMA was signed into law, creating more specific regulations for U.S. federal agencies than those established by GISRA. Today, with FISMA, and the process known to support FISMA, Certification and Accreditation (C&A), agencies are far more diligent about assessing their security controls and vulnerabilities. Despite what you may read in the news, [...]