1 / 1

System Owner = Information Owner / Hardware Owner (Division Chief)

Census Certification and Accreditation Tasks. Phase 1 – Task 2. Phase 1 – Task 3. Phase 2 – Task 4. Phase 2 – Task 5. Phase 2 – Task 6. Phase 1 – Task 1. Initiation. Initiation. Initiation. Certification. Certification. Certification. Update / Prepare Documentation.

rasha
Download Presentation

System Owner = Information Owner / Hardware Owner (Division Chief)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Census Certification and Accreditation Tasks Phase 1 –Task 2 Phase 1 –Task 3 Phase 2 –Task 4 Phase 2 –Task 5 Phase 2 –Task 6 Phase 1 –Task 1 Initiation Initiation Initiation Certification Certification Certification Update / Prepare Documentation Notify Officials & Identify Resources Analyze, Update & Accept System Security Plan Assess & Evaluate Security Controls Document Security Certification Changes, Actions Required ? 1. Categorize system C.I.A. (FIPS-199) 2. Complete/update system Risk Assessment (800-30) 3. Complete/update SSP (800-18) 4. Complete/update system Self Assessment (800-26) 5. Complete/update system Contingency Plan (800-34) 1. Notify Authorizing Official, CIO, Certification Agent 2. Identify Resources Needed 1. Review Security C.I.A. Categorizations 2. Analyze Security Plan 3. Update Security Plan 4. Request Certification and Accreditation from Certification Agent 1. Acceptance of system C&A package by Certification Agent 2. Prepare Documentation & Supporting Materials 3. Review Methods and TestProcedures 4. Assess & Evaluate In- Place Security Controls 5. Report Security Assessment Results 1. Provide Findings and Recommendations 2. Certify system 3. Recommend Accreditation 1. Update package updates 2. Prepare Plan of Action & Milestones 3. Assemble Accreditation Package 4. Submit package for Accreditation Phase 4 –Task 9 Phase 4 –Task 10 Phase 4 –Task 11 Phase 3 –Task 7 Phase 3 –Task 8 Accreditation Accreditation Monitoring Monitoring Monitoring Make Security Accreditation Decision Document Security Accreditation Manage & Control Configuration Monitor Security Controls Report & Document Status 1. Determine Final Risk Levels 2. Accept Residual Risk 1. Sign and Transmit Security Accreditation Package • Update System Security Plan to reflect accreditation status • 2. Document System • Changes • 3. Analyze Security • Impacts 1. Select In-Place Security Controls 2. Assess Selected Security Controls 1. Update Security Plan 2. Update Plan of Action & Milestones 3. Report Status Primary Responsibility System Owner = Information Owner / Hardware Owner (Division Chief) Certification Agent = Chief, ITSO Authorizing Official = Associate Director (DAA) System Owner = Information Owner / Hardware Owner (Division Chief)

More Related