The Authorizing Official And The Accreditation Decision
•Download as PPT, PDF•
1 like•1,909 views
Accreditation of US Federal Government IT systems is one of many critical aspects of maintaining an Enterprise Security Program at a Federal Agency. It is a very public metric (think FISMA Report Card.) This has led many to decry Certification and Accreditation (C&A) as strictly a paper exercise. However, when administered correctly, it is probably the best risk management tool available to government executives as it forces the agency to identify/classify systems according to criticality and perform an in-depth examination of every system identified.
![Who is Michael Smith? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to The Authorizing Official And The Accreditation Decision
Similar to The Authorizing Official And The Accreditation Decision (20)
More from Michael Smith
Recently uploaded
Recently uploaded (20)
The Authorizing Official And The Accreditation Decision
- 1. Making the Choice: ATO, IATO, or Denial The Role of the Authorizing Official/Designated Approving Authority and the Accreditation Decision
- 12. IT Security in the SDLC --NIST SP 800-64
- 15. Accreditation Decision Scenarios Playing the “Armchair Authorizer”
Editor's Notes
- The following presentation contains insights and opinions gathered from over 40 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with some insight and understanding of the role of the AO/DAA and the larger process of arriving at an accreditation decision.