Certification and Accreditation (C&A) is required by the Federal Information Security Management Act (FISMA) of 2002. All systems and applications supporting Federal government agencies must complete a formal C&A before being put into production, and again at least every three years thereafter. Certification is the comprehensive evaluation of the technical and non-technical security features of an information system and its other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meet a specified set of security requirements. Accreditation is the formal declaration by the Authorizing Official (AO) that an information system is approved to operate in a particular security mode, using a prescribed set of safeguards, at a level of risk acceptable to the Agency.
OCIO provides Certification and Accreditation services through a proven engagement methodology that ensures customer readiness and efficient delivery while minimizing the impact on your technology support teams.
OCIO’s Information Systems Security Line of Business Center of Excellence (ISSLOB COE) develops, updates and reviews all required security documentation, provides C&A consultation services to information system personnel, and performs an independent assessment of the information system to verify that all required security controls are in place, implemented correctly and operating as intended. All services are delivered in accordance with the guidance in NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems.
NIST SP 800-37 establishes a standard security certification and accreditation process for use throughout the Federal Government. The NIST process is designed to be adaptable to any type of information system, computing environment and mission within the government. (Later revisions of SP 800-37 recast this process as the Risk Management Framework, with "authorization" replacing the terms certification and accreditation; the assessment and authorization activities described here remain the same in substance.)