| Complete Coverage of Federally Mandated Certification and
Accreditation Requirements
C&A is still a nascent science, and although excellent
guidance exists on how to evaluate the risk exposure of
federal information systems, agencies are still working on
improving their C&A programs. C&A is, however, a large
endeavor. Although the process has been proven to reduce
risk to federal information systems, many folks new to C&A
don't know where to start or how to get going on their C&A
projects. Seasoned C&A experts continue to look for new
ideas on how to improve their existing processes. This book
is the first publication with numerous practical examples
than can help you step through the C&A process from
beginning to end. I wish this book had existed while I was
the Security Staff Director of the FDIC so that I could have
provided copies to my staff. - from the Foreword by Sunil J.
Porter, Former Security Staff Director of the FDIC
In This Book You Will Find:
What Is Certification and Accreditation?
Types of Certification and Accreditation
Understanding the Certification and Accreditation Process
Establishing a Certification and Accreditation Program
Developing a Certification Package
Preparing the Hardware and Software Inventory
Determining the Certification Level
Performing and Preparing the Self-Assessment
Addressing Security Awareness and Training Requirements
Addressing End-User Rules of Behavior
Addressing Incident Response
Performing the Security Tests and Evaluation
Conducting a Privacy Impact Assessment
Performing the Business Risk Assessment
Preparing the Business Impact Assessment
Developing the Contingency Plan
Performing a System Risk Assessment
Developing a Configuration Management Plan
Preparing the System Security Plan
Submitting the C&A Package
Evaluating the Certification Package for Accreditation
Addressing C&A Findings
Improving Your Federal Computer Security Report Card Scores
|
Biting the hand that feeds IT 
Published by: SYNGRESS MEDIA