Approved for public release; distribution is unlimited / The certification process can be defined as a comprehensive evaluation of all security features, both technical and nontechnical, of an information system. This process ensures that the system design and implementation meets a distinct set of prescribed security requirements. The accreditation of a system ensures that networks, applications, and operating systems that make up the system are running at an acceptable level of risk. The Designated Approving Authority (DAA) is responsible for deciding what systems to approve for accreditation, and assumes the responsibility for running the accredited system at an accepted level of risk. This analysis of the certification and accreditation process stresses the vital aspects of the process that are of special concern to the DAA. The mission drives the process, and influences the ultimate accreditation decision. The DAA must understand the fundamental aspects of the certification effort, and be able to weigh factors such as the funding, time, and other resources available for the effort, as well as understand the scope of the system as a whole. This thesis covers the vital aspects of certification and accreditation, and provides the new DAA with a guide to the process. / Naval Postgraduate School author (civilian).
Identifer | oai:union.ndltd.org:nps.edu/oai:calhoun.nps.edu:10945/903 |
Date | 06 1900 |
Creators | Stauffer, Natalie |
Contributors | Burke, Karen, Rasmussen, Craig, Computer Science |
Publisher | Monterey, California. Naval Postgraduate School |
Source Sets | Naval Postgraduate School |
Detected Language | English |
Type | Thesis |
Format | xiv, 52 p. ;, application/pdf |
Rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, may not be copyrighted. |
Page generated in 0.002 seconds