CISSP® Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson, CISSP Official Study Guide, Sybex (2018)

Certification and Accreditation Systems

Two government standards are currently in place for the certification and accreditation of computing systems. The current DoD standard is Risk Management Framework (RMF) (http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/855101p.pdf), which recently replaced DoD Information Assurance Certification and Accreditation Process (DIACAP), which itself replaced the Defense Information Technology Security Certification and Accreditation Process (DITSCAP). The standard for all other U.S. government executive branch departments, agencies, and their contractors and consultants is the Committee on National Security Systems (CNSS) Policy (CNSSP) (https://www.cnss.gov/CNSS/issuances/Policies.cfm; scroll down to the CNSSP 22 link), which replaced National Information Assurance Certification and Accreditation Process (NIACAP).

However, the CISSP may refer to either the current standards or the previous ones. Both of these processes are divided into four phases:
Phase 1: Definition. Involves the assignment of appropriate project personnel; documentation of the mission need; and registration, negotiation, and creation of a System Security Authorization Agreement (SSAA) that guides the entire certification and accreditation process.

Phase 2: Verification. Includes refinement of the SSAA, systems development activities, and a certification analysis.

Phase 3: Validation. Includes further refinement of the SSAA, certification evaluation of the integrated system, development of a recommendation to the DAA, and the DAA's accreditation decision.

Phase 4: Post Accreditation. Includes maintenance of the SSAA, system operation, change management, and compliance validation.
The NIACAP process, administered by the Information Systems Security Organization of the National Security Agency, outlines three types of accreditation that may be granted. The definitions of these types of accreditation (from National Security Telecommunications and Information Systems Security Instruction 1000) are as follows:

For a system accreditation, a major application or general support system is evaluated.
For a site accreditation, the applications and systems at a specific, self-contained location are evaluated.
For a type accreditation, an application or system that is distributed to a number of different locations is evaluated.


Understand Security Capabilities of Information Systems

The security capabilities of information systems include memory protection, virtualization, Trusted Platform Module (TPM), interfaces, and fault tolerance. It is important to carefully assess each aspect of the infrastructure to ensure that it sufficiently supports security. Without an understanding of the security capabilities of information systems, it is impossible either to evaluate them or to implement them properly.