Course Length:
20 hours over 10 weeks (1 two-hour meeting per week)
Course Description:
Certification and accreditation of information systems’ security
provide an objective basis of confidence for approval to operate
systems that protect the confidentiality and integrity of valuable
information resources. This course provides an overview of the laws,
regulations, standards, policies and processes that govern and provide
guidance for certification and accreditation of national security
systems, including federal agency and Department of Defense information
systems. The course introduces the National Information Assurance
Certification and Accreditation Process (NIACAP), the DoD Information
Technology Certification and Accreditation Process (DITSCAP), and
Director of Central Intelligence Directive (DCID) 6/3 for intelligence
systems. Also addressed are a variety of personnel, facility, and
operational security management (SSM) considerations for such systems.
Course Learning Objective:
Familiarity with regulations and policies pertaining to the security
posture of national security systems. Understanding of the management
tasks and activities of the NIACAP/DITSCAP and the phases of the
accreditation process. Ability to participate in the DITSCAP and system
management in any of several roles.
Major Topics:
Certification authority, requirements, policies and guidance, roles and
responsibilities, DITSCAP phases, defense in depth, System Security
Authorization Agreement (SSAA), risk assessment, accreditation classes,
re-accreditation, technical measures, Common Criteria, IA Vulnerability
Management (IAVM) Process. Operational considerations, incident
handling, media control, system management. NSTISSP 11 and Common
Criteria security product evaluation. Certification testing, (Interim)
Approval to Operate (ATO), electronic records management, cross-domain
solutions (CDS).
Method of Instruction:
Lectures, readings, case studies, exercises
Evaluation Methods:
Quizzes, exams, homework, papers, final