Definitive Guide to the C&A Transformation Process (PDF)

Learn more about establishing and maintaining a secure information environment...War is always a product of its age; and information systems are one of the primary drivers of war in the age of information.The tools and tactics used to fight the information war have evolved with advances in technology. So, it is no wonder that the tools and tactics needed to defend critical information systems must also evolve.Certification and Accreditation ProcessOne of the tools in the defense toolkit is the process known as Certification and Accreditation (C&A). C&A stretches across the Department of Defense (DoD), the Office of the Director of National Intelligence (DNI), the Committee on National Security Systems (CNSS), the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).It can be an extremely effective risk-based process in ensuring the implementation of the measures necessary to protect devices, systems and networks. It is therefore essential, for information security professionals to understand this huge and complex body of work, in order to establish and maintain a secure information environment.New C&A practices reduce redundant activityThe new C&A practices will reduce redundant activity and unnecessary documentation, and will shorten the overall process that has historically affected DoD procurement. The new procedures will also ensure system certifications and accreditations accomplished by one agency are valid for all agencies.A comprehensive and authoritative guide to C&AThis book is the first comprehensive manual to explain the current standards and best practices. The book provides all the information needed to recognize, implement and manage the relevant authorization requirements, and therefore to achieve compliance with federal, local and agency laws and policies. Each chapter not only provides a list of related references but also offers recommendations for additional reading. Ideal for security practitioners, system administrators, managers, standards developers, evaluators and testers, no other book provides such authoritative guidance on these emerging requirements.