FISMA Certification & Accreditation Handbook

Book provides complete coverage of federally mandated certification and accreditation requirements.

According to Sunil J. Porter, Former Security Staff Director of the FDIC, “C&A is still a nascent science, and although excellent guidance exists on how to evaluate the risk exposure of federal information systems, agencies are still working on improving their C&A programs. C&A is, however, a large endeavor. Although the process has been proven to reduce risk to federal information systems, many folks new to C&A don’t know where to start or how to get going on their C&A projects. Seasoned C&A experts continue to look for new ideas on how to improve their existing processes. FISMA Certification & Accreditation Handbook is the first publication with numerous practical examples that can help you step through the C&A process from beginning to end. I wish this book had existed while I was the Security Staff Director of the FDIC so that I could have provided copies to my staff.”

Inside the Book

  • Types of Certification and Accreditation
  • Understanding the Certification and Accreditation Process
  • Establishing a Certification and Accreditation Program
  • Developing a Certification Package
  • Preparing the Hardware and Software Inventory
  • Determining the Certification Level
  • Performing and Preparing the Self-Assessment
  • Addressing Security Awareness and Training Requirements
  • Addressing End-User Rules of Behavior
  • Addressing Incident Response
  • Performing the Security Tests and Evaluation
  • Conducting a Privacy Impact Assessment
  • Performing the Business Risk Assessment
  • Preparing the Business Impact Assessment
  • Developing the Contingency Plan
  • Performing a System Risk Assessment
  • Developing a Configuration Management Plan
  • Preparing the System Security Plan
  • Submitting the C&A Package
  • Evaluating the Certification Package for Accreditation
  • Addressing C&A Findings
  • Improving Your Federal Computer Security Report Card Scores

About the Author
Laura Taylor is Relevant Technologies’ President and CEO. Her research has been used by the FDIC, the FBI, the White House, and numerous publicly held Fortune 500 companies. Ms. Taylor has provided information security consulting services to some of the largest financial institutions in the world, including the Internal Revenue Service, the U.S. Treasury, and National Westminster Bank, a division of the Royal Bank of Scotland.

Matt Shepherd (CISSP, MCSE, GCFW, GSEC) is a consultant for Project Performance Corporation of McLean, VA. Project Performance Corporation synthesizes its capabilities in security architecture, compliance, and certification and accreditation with best-of-breed tools to provide effective security solutions to customers in the public and private sectors. Currently, he is supporting the US Patent and Trademark Office’s Certification and Accreditation program.
