ABSTRACT

This chapter presents an overview of the certification and accreditation (C&A) process, including the key personnel, components, and activities that contribute to its successful implementation. Implementing a C&A process for information technology systems within industry supports cost-effective, risk-based management of those systems and provides a level of security assurance that can be known and demonstrated. Certification draws on all the security disciplines that contribute to the security of a system: administrative, communications, computer, operations, physical, personnel, and technical security. C&A is a repeatable process that can assure an organization that an appropriate combination of security measures has been correctly implemented to address the system’s threats and vulnerabilities. The practice of certification and accreditation is well established within the federal government, its civil agencies, and the Department of Defense. The timely, accurate, and effective implementation of a C&A initiative for a system is a choreography of people, activities, documentation, and schedules.