All Security & Privacy charts displayed on the JDBiggs & Associates website are for informational purposes only and do not reflect the most current release.
Certification & Accreditation (C&A) activities are performed on Major Applications, General Support Systems, and Critical and Listed systems. They are triggered when (1) the system undergoes a Significant Change as defined by NIST SP 800-37 rev. 1, (2) the specified time period (every 3 years) has elapsed, or (3) a new Authorizing Official directs this action.
This chart graphically communicates the four phases of the C&A process, as defined by NIST Special Publication 800-37. When performing C&A on a Major Application, General Support System, Critical or Listed System, a series of security program artifacts are reviewed and their content is validated through stakeholder involvement, Security Test & Evaluation (ST&E) and relevant documentation reviews. This chart describes the four phases, their associated tasks and activities, and stakeholder responsibilities.
The green color identifies the certification agent's responsibilities during the initiation and certification phases. An Agency or Commercial organization should use this chart to create the C&A Manual, educate security and privacy professionals, and standardize C&A activities. Additional uses of this chart include:
- Development and Validation of your C&A Policies, Standards, and Manual/Guide
- Defining Roles and Responsibilities
- Developing Project Management Plan
- Educating Stakeholders, System Owners and Security & Privacy Professionals
- Human Resources - Conducting Resume Reviews and Candidate Interviews