War is always a product of its age; and information systems are one of the primary drivers of war in the age of information. The tools and tactics used to fight the information war have evolved with advances in technology. So, it is no wonder that the tools and tactics needed to defend critical information systems must also evolve.
Certification and Accreditation Process
One of the tools in the defense toolkit is the process known as Certification and Accreditation (C&A). C&A stretches across the Department of Defense (DoD), the Office of the Director of National Intelligence (DNI), the Committee on National Security Systems (CNSS), the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).
It can be an extremely effective risk-based process in ensuring the implementation of the measures necessary to protect devices, systems and networks. It is therefore essential, for information security professionals to understand this huge and complex body of work, in order to establish and maintain a secure information environment.
New C&A practices reduce redundant activity
The new C&A practices will reduce redundant activity and unnecessary documentation, and will shorten the overall process that has historically affected DoD procurement. The new procedures will also ensure system certifications and accreditations accomplished by one agency are valid for all agencies.
A comprehensive and authoritative guide to C&A
This book is the first comprehensive manual to explain the current standards and best practices. The book provides all the information needed to recognize, implement and manage the relevant authorization requirements, and therefore to achieve compliance with federal, local and agency laws and policies. Each chapter not only provides a list of related references but also offers recommendations for additional reading. Ideal for security practitioners, system administrators, managers, standards developers, evaluators and testers, no other book provides such authoritative guidance on these emerging requirements.
What others are saying about this book...
'Book is easy to read and easy to follow. The author clearly identifies the major points of C&A. An excellent material for our MBA669A (Principles of Information Security Management) class'. Jeralyn Pasinabo, University of Dayton
'This book is excellent for real world techniques for employing best practices for security… very well laid out and has lots of important points.'
'This textbook was very detailed, yet easy to follow… I would highly recommend The Definitive Guide to the C&A Transformation.' Letitia Sharp (amazon.com review)