Synopses & Reviews
Complete Coverage of Federally Mandated Certification and Accreditation Requirements
C&A is still a nascent science, and although excellent guidance exists on how to evaluate the risk exposure of federal information systems, agencies are still working on improving their C&A programs. C&A is, however, a large endeavor. Although the process has been proven to reduce risk to federal information systems, many folks new to C&A don't know where to start or how to get going on their C&A projects. Seasoned C&A experts continue to look for new ideas on how to improve their existing processes. This book is the first publication with numerous practical examples than can help you step through the C&A process from beginning to end. I wish this book had existed while I was the Security Staff Director of the FDIC so that I could have provided copies to my staff. - from the Foreword by Sunil J. Porter, Former Security Staff Director of the FDIC
In This Book You Will Find:
What Is Certification and Accreditation? Types of Certification and Accreditation Understanding the Certification and Accreditation Process Establishing a Certification and Accreditation Program Developing a Certification Package Preparing the Hardware and Software Inventory Determining the Certification Level Performing and Preparing the Self-Assessment Addressing Security Awareness and Training Requirements Addressing End-User Rules of Behavior Addressing Incident Response Performing the Security Tests and Evaluation Conducting a Privacy Impact Assessment Performing the Business Risk Assessment Preparing the Business Impact Assessment Developing the Contingency Plan Performing a System Risk Assessment Developing aConfiguration Management Plan Preparing the System Security Plan Submitting the C&A Package Evaluating the Certification Package for Accreditation Addressing C&A Findings Improving Your Federal Computer Security Report Card Scores
Synopsis
The only book that instructs IT Managers to adhere to federally mandated certification and accreditation requirements.
This book will explain what is meant by Certification and Accreditation and why the process is mandated by federal law. The different Certification and Accreditation laws will be cited and discussed including the three leading types of C&A: NIST, NIAP, and DITSCAP. Next, the book explains how to prepare for, perform, and document a C&A project. The next section to the book illustrates addressing security awareness, end-user rules of behavior, and incident response requirements. Once this phase of the C&A project is complete, the reader will learn to perform the security tests and evaluations, business impact assessments system risk assessments, business risk assessments, contingency plans, business impact assessments, and system security plans. Finally the reader will learn to audit their entire C&A project and correct any failures.
* Focuses on federally mandated certification and accreditation requirements
* Author Laura Taylor's research on Certification and Accreditation has been used by the FDIC, the FBI, and the Whitehouse
* Full of vital information on compliance for both corporate and government IT Managers