Census Certification and Accreditation Tasks

Phase 1 – Task 1 (Initiation): Update / Prepare Documentation
1. Categorize system C.I.A. (FIPS-199)
2. Complete/update system Risk Assessment (800-30)
3. Complete/update SSP (800-18)
4. Complete/update system Self Assessment (800-26)
5. Complete/update system Contingency Plan (800-34)

Phase 1 – Task 2 (Initiation): Notify Officials & Identify Resources
1. Notify Authorizing Official, CIO, Certification Agent
2. Identify Resources Needed

Phase 1 – Task 3 (Initiation): Analyze, Update & Accept System Security Plan
1. Review Security C.I.A. Categorizations
2. Analyze Security Plan
3. Update Security Plan
4. Request Certification and Accreditation from Certification Agent

Phase 2 – Task 4 (Certification): Assess & Evaluate Security Controls
1. Acceptance of system C&A package by Certification Agent
2. Prepare Documentation & Supporting Materials
3. Review Methods and Test Procedures
4. Assess & Evaluate In-Place Security Controls
5. Report Security Assessment Results

Phase 2 – Task 5 (Certification): Document Security Certification
1. Provide Findings and Recommendations
2. Certify system
3. Recommend Accreditation

Phase 2 – Task 6 (Certification): Changes, Actions Required?
1. Update package updates
2. Prepare Plan of Action & Milestones
3. Assemble Accreditation Package
4. Submit package for Accreditation

Phase 3 – Task 7 (Accreditation): Make Security Accreditation Decision
1. Determine Final Risk Levels
2. Accept Residual Risk

Phase 3 – Task 8 (Accreditation): Document Security Accreditation
1. Sign and Transmit Security Accreditation Package

Phase 4 – Task 9 (Monitoring): Manage & Control Configuration
• Update System Security Plan to reflect accreditation status
2. Document System Changes
3. Analyze Security Impacts

Phase 4 – Task 10 (Monitoring): Monitor Security Controls
1. Select In-Place Security Controls
2. Assess Selected Security Controls

Phase 4 – Task 11 (Monitoring): Report & Document Status
1. Update Security Plan
2. Update Plan of Action & Milestones
3. Report Status

Primary Responsibility
System Owner = Information Owner / Hardware Owner (Division Chief)
Certification Agent = Chief, ITSO
Authorizing Official = Associate Director (DAA)
System Owner = Information Owner / Hardware Owner (Division Chief)