An Introduction to Certification and Accreditation

Going through the formal process of Certification and Accreditation (CandA) insures that a clearly established set of Security Requirements is developed and implemented, any residual risk is minimized and clearly understood, and all aspects of the development and deployment of security controls and policies are described in the System Authority Authorization Agreement (SSAA). This paper will examine the CandA process, the guidance that helps define the Security Requirements, and the responsible parties and their roles, to provide a basic understanding of CandA.