What is Certification and Accreditation (C&A)

Additional policy in support of FISMA is contained in Office of Management and Budget (OMB) Circular A-130, which requires all federal agencies to:

  • Periodically review the security controls in their information systems
  • Authorize system processing prior to operations and periodically thereafter.

The process of reviewing the management, operational and technical security controls of an information system is called Certification. The "authorization to operate," given by a senior official and based on the results of the certification, is called Accreditation.

The NIST publications that define the Risk Management Framework have adopted new terminology for these processes.

  • The term Assessment (or, more completely, Security Controls Assessment) replaces the traditional term Certification
  • The term Authorization replaces the traditional term Accreditation.
 

Training

Our RMF training program consists of a one-day RMF Fundamentals class, followed by a three-day RMF In Depth class. The full four-day program is offered on a regularly scheduled basis at our training sites in Colorado Springs, Huntsville and Washington, DC, with expansion to our other training sites nationwide planned for FY12. RMF training can also be provided at your site if you have a group of students (normally 8-10 or more).

Consulting Services

RMF Resource Center offers a variety of consulting services to help government agencies and their contractors achieve FISMA compliance through implementation of RMF. We have consulting programs tailored to the needs of federal agencies, product manufacturers/vendors, and outsourced service providers.

 


Latest News

Preparation for the CAP (Certified Authorization Professional) examination is now included in our RMF training program. The full four-day training program (RMF Fundamentals + RMF In-Depth) covers all seven domains in the CAP body of knowledge.