Recognizing the Need for Certification

by Hemant Baidwan.


All general support systems and major applications are required by FISMA and the Office of Management and Budget (OMB) to be fully certified and accredited before they are put into production. Production systems and major applications are required to be reaccredited every three years. Going forward we will refer to systems that require C&A (e.g., general support systems and major applications) simply as information systems.

One of the primary objectives of C&A is to force the authorizing official to understand the risks an information system poses to agency operations. Only after understanding the risks can an authorizing official ensure that the information system has received adequate attention to mitigate unacceptable risks. Evaluating risk and documenting the results is something that should be incorporated throughout a system or application’s system development lifecycle. NIST has defined the system development lifecycle to consist of five phases:

1. System initiation

2. Development and acquisition

3. Implementation

4. Operation and maintenance

5. Disposal

FISMA mandates that new systems and applications need to be fully certified and accredited before they can be put into production. The best time to begin the C&A of new systems and applications is while they are still in development. It is easiest to design security into a system that has not yet been built. When new information systems are being proposed and designed, part of the development should include discussions on “What do we need to do to ensure that this information system can be certified and accredited?” The time to figure out whether a new application will withstand a comprehensive certification review is not after it has been built and is ready to be implemented.

Legacy systems that are already in their operational phase are harder to certify and accredit because it is altogether possible that they were put into production with little to no security taken into consideration. In putting together the Certification Package for a legacy system, it may be discovered that adequate security controls have not been put into place. If it becomes clear that adequate security controls have not been put into place, the C&A project leader may decide to temporarily put on hold the development of the Certification Package while adequate security controls are developed and implemented. It makes little sense to spend the resources to develop a Certification Package that recommends that an information system not be accredited. However, coming to an understanding that an information system has not been properly prepared for accreditation is precisely one reason why C&A exists—it is a process that enables authorizing officials to discover the security truths about their infrastructure so that informed decisions can be made.

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.