Beyond the Preoccupation with Certification and Accreditation

Seeking and achieving formal Certification and Accreditation of systems designed for use within the Department of Defense is a statutory requirement and a necessary part of a system's overall Information Assurance program. A singular focus on this process objective, however, too often overshadows critical Information Assurance engineering activities necessary during system design. This problem is particularly acute in tactical system developments. This guide attempts to chart a course for the tactical system developer that interlaces crucial Information Assurance activities alongside standard Department of Defense acquisition and systems engineering design activities, ensuring security features are standard elements of system design and life-cycle supportability plans.