Table of Contents
Acknowledgments
Author
Contributing Author
Technical Editor
Foreword
Preface
Chapter 1: What Is Certification and Accreditation?
Chapter 2: Types of Certification and Accreditation
Chapter 3: Understanding the Certification and Accreditation Process
Chapter 4: Establishing a C&A Program
Chapter 5: Developing a Certification Package
Chapter 6: Preparing the Hardware and Software Inventory
Chapter 7: Determining the Certification Level
Chapter 8: Performing and Preparing the Self-Assessment
Chapter 9: Addressing Security Awareness and Training Requirements
Chapter 10: Addressing End-User Rules of Behavior
Chapter 11: Addressing Incident Response
Chapter 12: Performing the Security Tests and Evaluation
Chapter 13: Conducting a Privacy Impact Assessment
Chapter 14: Performing the Business Risk Assessment
Chapter 15: Preparing the Business Impact Assessment
Chapter 16: Developing the Contingency Plan
Chapter 17: Performing a System Risk Assessment
Chapter 18: Developing a Configuration Management Plan
Chapter 19: Preparing the System Security Plan
Chapter 20: Submitting the C&A Package
Chapter 21: Evaluating the Certification Package for Accreditation
Chapter 22: Addressing C&A Findings
Chapter 23: Improving Your Federal Computer Security Report Card Scores
Chapter 24: Resources
FISMA
OMB Circular A-130: Appendix III
FIPS 199
Index