California Area Office

Where can I learn more about the certification and accreditation process?

All federal agencies are now in a perpetual Security Certification and Accreditation (C&A) process. This effort is mandated by the Federal Information Systems Management Act (FISMA), HIPAA, OMB Circular A-130, and other policy drivers.

Congress also directed the National Institute of Standards and Technology (NIST) to give interpretation and structure to this mandate.

These NIST documents are collectively known as the "800 series". They cover everything from secure wireless to post-security incident forensics and evidence "chain-of-custody" issues.

Among the most important 800 publications are:

800-53 Security Controls
800-100 Information Security Handbook: A Guide for Managers
800-37 Guide for the Security Certification and Accreditation of Federal Information Systems

Site Managers and security personnel can use this link to view all the instructional documentation that informs the various components of a C&A package:

http://csrc.nist.gov/publications/nistpubs/