Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Three categorization levels of security exist and are defined as follows:
This table has the definitions the three main security categorizations degree of effort based on them
This table shows the required SSP sections that are needed for systems in each of security categorizations.
When the initiation phase comes to an end, then the certification phase commences.
Certification
06/01
In this phase, the team mandated with certification evaluates the entire information system in order to determine whether the security requirements have been satisfied. They then proceed to identify any deficiencies or vulnerabilities. The corrections of the deficiencies/vulnerabilities that are severe enough to prevent system operation from being approved are a responsibility of the System Owner
System Security Plan. The SSP must bear a reflection the current system status. If there are modifications to the system security controls due to the certification evaluation process, then the System Owner is supposed to update the SSP in order to reflect these modifications.
Security Assessment Report. This is the report compiled by thecertification team detailing the security evaluation, and the extent to which the idesigned nformation system can satisfy the security requirements.
Plan of Action and Milestones. This is a description of all the measures that are implemented or planned in order to correct the deficiencies and to reduce or eliminate totally the vulnerabilities. The System Owner then makes a documentation of the deficiencies/vulnerabilities that identified by the certification team. For the deficiencies or vulnerabilities that are not severe enough to require immediate solution, the System Owner then is forced to documents the corrective action that is planned for completion when the evaluated system gets a teemporary authorization in order to operate from the DAA.
When the certification phase ends and the System Owner is then ready to send the accreditation package to the DAA.What begins next is the accreditation phase
Accreditation
The accreditation phase has the purpose to determining if the information system...
The System Owner then transmits the package for accreditation to the DAA. When the security accreditation package by the DAA, he or evaluates status of the system the makes a decision. The DAA can the issue decisions:
Authorization to Operate (ATO). The information system is given the go ahead to operate without any form of limitations or restrictions.
Interim Authorization to Operate (IATO). The information system is allowed to operate within limited period of time at a greater risk to PONTIUS, errors are corrected in the process.
Denial of Authorization to Operate (DATO). The information system is never allowed to operate.
Certification and Accreditation Flow chart
This drawing illustrates the four phases that are involved in a C & a processes as described in this document. Each phase is color coded so as to correspond to the first chart found that is found on this article paper.
References
Public Law (1995.), Paperwork Reduction Act of 1995.
FIPS PUB 199 (2003), Standards for Security Categorization of Federal Information and Information Systems, December 2003.
NIST SP 800-18 (1998), Guide for Developing Security Plans for Information Systems, December, 1998.
NIST SP 800-30 (2002), Risk Management Guide for Information Technology Systems, January 2002.
Tundra Energy Flow Chart Arctic Willow Bacteria Lemming Arctic Wolves Snowy Owl The base of the tundra ecosystem's energy flow is the Arctic willow, a small aquatic plant which grows because of a bacterial process in which nutrients from its body are returned to the surrounding soil. Because animals are unable to derive solar energy directly from sunlight in the tundra, they are forced to depend entirely on plants, which absorb solar energy and utilize it
Customer satisfaction is a key driving factor in medicine today. In order to offer the best customer service to VA patients, physicians should take additional time with each patient to full discuss the diagnosed disorder, allow the patient to describe all concerns and feelings, and educate the patient on the side effects and importance of continuing their medication. Other effective measures include empowering the patients to advocate for themselves by
Kudler Fine Foods has expressed a desire to track purchases at the individual customer level. The basic process by which this will work is this. At the checkout, the customer will bring the items for purchase. The existing system can log what purchase are made, and what purchases are made together. That is data already gathered. What Kudler wishes to build into this system is its loyalty program. This additional
Flow Charting Processes Jack shows us a flow chart of the new warehouse system this week. What does a flow chart tell us? How can we use that information? A flow chart is a way of representing information symbolically and in diagrammatic ways. It provides a means of standardizing operations and procedures so that different types of inputs are associated automatically with corresponding outputs. That way, processes that occur many times
Gantt chart is "a graphical representation of the duration of tasks against the progression of time" A project is made up of a set of different tasks and for each task there is an allocated period of completion. For example, a programming project may have the following steps: planning, researching programming language, the actual programming phase, beta testing and final report and release. In order to follow each of these tasks, a
Microsoft Visio to Create an Organizational Chart Defined Purpose and Audience This project is a fundamental guide for using Microsoft Visio to create an organizational chart. It is designed for first-time users and people who have limited time, as it focuses most often commonly used features. This guide shows the users how to use Microsoft Visio without relying on technical jargon, by providing simple explanations and lists of numbered steps that