What is Certification and Accreditation (C&A)?

Additional policy in support of FISMA is contained in Office of Management and Budget (OMB) Circular A-130, which requires all federal agencies to periodically review the security controls in their information systems.

The process of reviewing the management, operational and technical security controls of an information system is called Certification. The “authorization to operate,” given by a senior official and based on the results of the certification, is called Accreditation. The NIST publications that define the Risk Management Framework have adopted new terminology for these processes.