Certification and Accreditation - GovITwiki


Certification and Accreditation

From GovITwiki


Certification and Accreditation pulls its authority from two major areas of guidance: the Federal Information Security Management Act (FISMA) of 2002, November 25, 2002, and Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources. FISMA is the law, and the OMB Circular is the OMB policy requiring all federal agencies to follow it.

Appendix III to OMB Circular No. A-130, Security of Federal Automated Information Resources, outlines security guidelines for secure information systems, which include the following:

• all federal information systems to have security plans

• systems to have formal emergency response capabilities

• a single individual to have responsibility for operational security

• Federal Management and Fiscal Integrity Act reports to Congress be made with regard to the security of the system

• security awareness training be available to all government users, administrators of the system

• regular review and improvement of contingency plans for the system to be done


Specific guidance for certification and accreditation comes from two sources: the Department of Defense and the National Institute of Standards and Technology (NIST).

The Department of Defense utilizes the Defense Information Assurance Certification and Accreditation Process (DIACAP), and NIST utilizes NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems.


External Links

OMB Circular No. A-130 in PDF
