C&A NIST SP 800-37


The Certification & Accreditation (C&A) process requires a systemic perspective that is attentive to the dependencies of related processes, business activities, and interconnected information systems. Federal information systems are complex in nature; they are often distributed, utilize heterogeneous operating systems and hardware, and have data inputs and outputs between many sources. The C&A challenge for agencies is to determine whether their systems meet a standard, consistent, measurable level of security.

The National Institute of Standards and Technology (NIST) released Special Publication 800-37 (SP 800-37), “Guide for the Security Certification and Accreditation of Federal Information Systems,” ...
