Return to CASPIA Home
COEN 226
Back to Courses Syllabus
More ...
(instructor discretionary)

Introduction to System
Certification and Accreditation

Course Length:

20 hours over 10 weeks (1 two-hour meeting per week)


Course Description:

Certification and accreditation of information systems’ security provide an objective basis of confidence for approval to operate systems that protect the confidentiality and integrity of valuable information resources. This course provides an overview of the laws, regulations, standards, policies and processes that govern and provide guidance for certification and accreditation of national security systems, including federal agency and Department of Defense information systems. The course introduces the National Information Assurance Certification and Accreditation Process (NIACAP), the DoD Information Technology Certification and Accreditation Process (DITSCAP), and Director of Central Intelligence Directive (DCID) 6/3 for intelligence systems. Also addressed are a variety of personnel, facility, and operational security management (SSM) considerations for such systems.


Course Learning Objective:

Familiarity with regulations and policies pertaining to the security posture of national security systems. Understanding of the management tasks and activities of the NIACAP/DITSCAP and the phases of the accreditation process. Ability to participate in the DITSCAP and system management in any of several roles.


Major Topics:

Certification authority, requiremente, policies and guidance, roles and responsibilities, DITSCAP phases, defense in depth, System Security Authorization Agreement (SSAA), risk assessment, accreditation classes, re-accreditation, technical measures, Common Criteria, IA Vulnerability Management (IAVM) Process. Operational considerations, incident handling, media control, system management. NSTISSP 11 and Common Criteria security product evaluation. Certification testing, (Interim) Approval to Operate (ATO), electronic records management, cross-domain solutions (CDS).


Method of Instruction:

Lectures, readings, case studies, exercises


Evaluation Methods:

Quizzes, exams, homework, papers, final


© 2006 Center for Advanced Study and Practice of
Information Assurance (CASPIA), Santa Clara University
                  SCU        COEN        CASPIA Home        Courses        More...