Skip to site content

California Area Office logoCalifornia Area Office

Where can I learn more about the certification and accreditation process?

All federal agencies are now in a perpetual Security Certification and Accreditation (C&A) process. This effort is mandated by the Federal Information Systems Management Act (FISMA), HIPAA, OMB Circular a-130, and other policy drivers.

Congress also mandated that interpretation and structure be given to their mandate by the National Institute of Standards and Technology (NIST).

These NIST documents are collectively known as the "800 series". They cover everything from secure wireless to post-security incident forensics and evidence "chain-of-custody" issues.

Among the most important 800 publications are:

800-53 Security Controls
800-100 Information Security Handbook: A Guide for Managers
800-37 Guide for the Security Certification and Accreditation of Federal Information Systems

Site Managers and security personnel can use this link to view all the instructional documentation that informs the various components of a C&A package: Exit Disclaimer â?? You Are Leaving