Since then, the government has issued several policies and standards on computer security and on the sound management of computer-based information. A process known as certification and accreditation (C&A) was also developed to ensure that an information system has met all of its security requirements before it is placed into operation. Many roles take part in the C&A process. Several of them, such as system owners, system managers, configuration managers, system administrators and risk analysts, are defined in other chapters of this book. We take a closer look at the C&A-specific roles in the following subsections.

The certifier (or certification team) provides the technical expertise to perform the certification throughout the life cycle of the system, based on the security requirements set out in the System Security Authorization Agreement (SSAA). The certifier's tasks are to determine whether a system is ready for certification and to carry out the certification process: a comprehensive evaluation of the technical and non-technical security features of the system. At the end of the certification effort the certifier states the certification status, identifies the remaining residual risk, and sends an accreditation recommendation to the Designated Approving Authority (DAA), who accredits the system on the basis of the documented residual risk. The certifier is the technical expert who documents the trade-offs among security requirements, cost, availability and schedule in managing security risk. Individuals in these roles tailor and plan the C&A effort according to the mission, environment, system architecture, threats, funding and system schedule, and they resolve critical conflicts among schedule, budget, security, functionality and performance.

As described in the SSAA, the user's representative: answer c is a distractor. The NIACAP applies to each of the other three types of accreditation and can be tailored to the specific needs of the organization and the information system (IS). A site accreditation (answer a) evaluates the applications and systems at a specific, self-contained location. A type accreditation (answer b) evaluates an application or system that is distributed across several locations. A system accreditation (answer c) evaluates a major application or a general support system.

One advantage of the SANS 20 Critical Security Controls is that they are 20 individual control points to which an organization can respond. The list begins with basic inventory and audit activities. Step 1 is to inventory all authorized and unauthorized devices. In practice this may mean visiting every workstation and reviewing the system logs to determine whether USB drives, music players or phones have been connected to the computer. Step 2 is to audit the installed software in the same way: often a user downloads software without realizing that doing so violates the organization's IT policy. Some organizations must carry out these two fundamental audits annually, others more frequently. For more information, visit the SANS.ORG website. . . .
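The two inventory steps above (authorized and unauthorized devices, then authorized and unauthorized software) come down to reconciling what a host actually shows against a baseline the organization has approved. The following script is an added example written for this page; it is not code from SANS, from the book, or from any inventory product. It parses constructed Linux kernel log lines of the kind written when a USB device is attached, parses a constructed package list in the shape of `dpkg-query -W` output, and reports anything not on a constructed allowlist. The device and package identifiers, hostname, timestamps and allowlists are all made up for illustration.

```python
"""Reconcile observed USB devices and installed software against an approved
baseline. Added example for this page; log lines, package list and allowlists
are constructed, not taken from a real host."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed syslog-style kernel lines; vendor/product IDs, serials and the
# host name are illustrative only.
SAMPLE_USB_LOG = """\
Mar 03 09:12:01 ws17 kernel: usb 1-1.2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Mar 03 09:12:01 ws17 kernel: usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar 03 09:12:01 ws17 kernel: usb 1-1.2: Product: DataTraveler 3.0
Mar 03 09:12:01 ws17 kernel: usb 1-1.2: SerialNumber: 60A44C4139ABF03119C5
Mar 03 09:12:01 ws17 kernel: usb-storage 1-1.2:1.0: USB Mass Storage device detected
Mar 03 11:40:22 ws17 kernel: usb 1-1.3: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.03
Mar 03 11:40:22 ws17 kernel: usb 1-1.3: Product: USB Receiver
Mar 03 13:05:09 ws17 kernel: usb 1-1.4: New USB device found, idVendor=18d1, idProduct=4ee1, bcdDevice= 2.32
Mar 03 13:05:09 ws17 kernel: usb 1-1.4: Product: Pixel 6
Mar 03 13:05:09 ws17 kernel: usb 1-1.4: SerialNumber: 1A061FDD4003MV
Mar 03 16:20:45 ws17 kernel: usb 1-1.2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Mar 03 16:20:45 ws17 kernel: usb 1-1.2: SerialNumber: 0019E06B1DE4F8B0A1B3
"""

# Constructed output in the shape of: dpkg-query -W -f='${Package}\t${Version}\n'
SAMPLE_DPKG = """\
openssh-server\t1:9.2p1-2
libreoffice-calc\t4:7.4.7-1
ngrok\t3.5.0
firefox-esr\t115.8.0esr-1
teamviewer\t15.49.6
"""

# Constructed baselines. A device entry is "vid:pid:serial" for one approved
# unit, or "vid:pid:*" for an approved model regardless of unit.
DEVICE_ALLOWLIST: Set[str] = {"0951:1666:60A44C4139ABF03119C5", "046d:c52b:*"}
SOFTWARE_ALLOWLIST: Set[str] = {"openssh-server", "libreoffice-calc", "firefox-esr"}


@dataclass
class UsbEvent:
    timestamp: str
    host: str
    port: str      # kernel bus path such as "1-1.2"
    vendor: str    # idVendor, four hex digits
    product: str   # idProduct, four hex digits
    serial: str    # empty when the device reports no serial string


FOUND_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) (?P<host>\S+) kernel: usb (?P<port>[\d.-]+): "
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
SERIAL_RE = re.compile(
    r"^\w{3} \d\d \d\d:\d\d:\d\d \S+ kernel: usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S*)$"
)


def parse_usb_events(log_text: str) -> List[UsbEvent]:
    """One UsbEvent per 'New USB device found' line. The kernel logs the serial
    on a later line for the same bus path, so the serial is attached to the most
    recent event seen on that path (a path is reused when devices are swapped)."""
    events: List[UsbEvent] = []
    latest_by_port: Dict[str, UsbEvent] = {}
    for line in log_text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            ev = UsbEvent(m["ts"], m["host"], m["port"], m["vid"], m["pid"], "")
            events.append(ev)
            latest_by_port[ev.port] = ev
            continue
        m = SERIAL_RE.match(line)
        if m and m["port"] in latest_by_port:
            latest_by_port[m["port"]].serial = m["serial"]
    return events


def unauthorized_devices(events: List[UsbEvent], allowlist: Set[str]) -> List[UsbEvent]:
    """Report events whose exact unit or model is not in the allowlist."""
    flagged = []
    for ev in events:
        exact = f"{ev.vendor}:{ev.product}:{ev.serial}"
        model = f"{ev.vendor}:{ev.product}:*"
        if exact not in allowlist and model not in allowlist:
            flagged.append(ev)
    return flagged


def parse_packages(text: str) -> Dict[str, str]:
    """Map package name to version from tab-separated name/version lines."""
    packages: Dict[str, str] = {}
    for line in text.splitlines():
        if line.strip():
            name, _, version = line.partition("\t")
            packages[name] = version
    return packages


def unauthorized_software(packages: Dict[str, str], allowlist: Set[str]) -> List[Tuple[str, str]]:
    """Installed packages that are not on the approved list, sorted by name."""
    return sorted((n, v) for n, v in packages.items() if n not in allowlist)


if __name__ == "__main__":
    for ev in unauthorized_devices(parse_usb_events(SAMPLE_USB_LOG), DEVICE_ALLOWLIST):
        print(f"{ev.timestamp} {ev.host}: unauthorized device {ev.vendor}:{ev.product} serial={ev.serial or '(none)'}")
    for name, version in unauthorized_software(parse_packages(SAMPLE_DPKG), SOFTWARE_ALLOWLIST):
        print(f"unauthorized software: {name} {version}")
```

The allowlist distinguishes an approved unit (a specific storage stick by serial) from an approved model (a receiver with no serial, which is matched by vendor and product only), so a second stick of the same model is still reported. Kernel logs only cover the period the host retained them, so an audit of this kind depends on persistent logging (journald or rsyslog shipped off the host) and on a host inventory to know which machines to check.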