"Providing an overview of certification and accreditation, the second edition of this officially sanctioned guide demonstrates the practicality and effectiveness of C&A as a risk management methodology for IT systems in public and private organizations. It enables readers to document the status of their security controls and learn how to secure IT systems via standard, repeatable processes. The text describes what it takes to build a certification and accreditation program at the organization level and then analyzes various C&A processes and how they interrelate. A case study illustrates the successful implementation of certification and accreditation in a major U.S. government department. The appendices offer a collection of helpful samples"--

"There are many elements that make system authorization complex. This book focuses on the processes that must be employed by an organization to establish a system authorization program based on current federal government criteria. Although the roots of this book address various federal requirements, the process developed and presented can be used by nongovernment organizations to address compliance and the myriad laws, regulations, and standards currently driving information technology security. The key to reaching system authorization nirvana is understanding what is required and then implementing a methodology that will achieve those requirements. The top-down methodology presented in this book provides the reader with a practical approach for completion of such an undertaking. By demystifying government requirements, this book presents a simplified, practical approach to system authorization"--