Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certification and Accreditation CS-7493-01 Syllabus Ms Jocelyne Farah Mr Clinton Campbell.

Published byErick Russell Modified over 8 years ago

Similar presentations

Presentation on theme: "Certification and Accreditation CS-7493-01 Syllabus Ms Jocelyne Farah Mr Clinton Campbell."— Presentation transcript:

1 Certification and Accreditation CS-7493-01 Syllabus Ms Jocelyne Farah Mr Clinton Campbell

2 Introduction Verification Security Features Implemented Documentation Validation Validate the integrated system Post Accreditation Monitor compliance and change management Definition Mission, Architecture & Environment Security Requirements SSAA n NSDD 145 and related laws: Must protect both classified and unclassified; but also sensitive information

3 3Overview n Core Materials –National Information Assurance Certification and Accreditation Process (NIACAP) –DoD Information Technology Security Certification and Accreditation Process (DITSCAP) n Units Outline 1.Background 2.ITSEC System Classification 3.Process Overview 4.Risk Management 5.Common Criteria 6.Phase 1 – Definition 7.Phase 2 – Verification 8.Phase 3 – Validation 9.Phase 4 – Post Accreditation n Assignments Ref: NIACAP, DITSCAP, and DITSCAP Manual

4 4 Unit 1:Background n Threats, Vulnerabilities, & Risk n Guidance –Selected Applicable Public Law –National Security Policy & Directives –DoD Policy, Directives, & Instructions n Definitions –System & System Classes –Designated Approving Authority (DAA) –Certification –Accreditation

5 5 Unit 2:ITSEC System Classification n ITSEC Classes –Introduction –Interfacing Mode –Processing Mode –Attribution Mode –Mission-Reliance Factor –Accessibility Factor –Accuracy Factor –Information Category n Security Requirements n Determination of System Class

6 6 Unit 3:Security Process Overview n C&A Process –Phase I- Definition –Phase II- Verification –Phase III- Validation –Phase IV- Accreditation n Critical Concepts –SSAA Overview –Key to Success – Agreement –Life Cycle Tailoring –Certification Levels –Risk Management

7 7 Unit 4:Risk Management n Review – Threats, Vulnerabilities, & Risk n Identifying and Assessing Risk n Assessing Threats and Vulnerabilities n Risk Management Concept

8 8 Unit 5:Common Criteria (CC) n Purpose n Overview n COTS Products Using the CC

9 9 Unit 6:Phase I-Definition n Accreditation Options n Accreditation Boundaries n Phase I –Overview –Activities –Certification Tasks –Role and Responsibilities

10 10 Unit 7:Phase II- Verification n Phase II –Overview –Activities –Certification Tasks –Role and Responsibilities n Minimal Security Checklists –System Architecture Analysis –S/W H/W Firmware Design Analysis –Network Connection Rule Compliance Analysis –Integrity Analysis of Integrated Products n Common Criteria –Life Cycle Management Analysis –Vulnerability Assessment

11 11 Unit 8:Phase III- Validation n Phase III –Overview –Activities –Certification Tasks –Role and Responsibilities n Minimal Security Checklist –Security Test and Evaluation –Penetration Testing –Tempest and Red/Black Verification –COMSEC Compliance Verification –System Management Analysis –Site Accreditation Survey –Contingency Plan Evaluation –Risk Management Review

12 12 Unit 9:Phase IV- Post Accreditation n Phase IV –Overview –Activities –Certification Tasks –Role and Responsibilities

13 13Assignments n Team Presentation Selection: To Be Determined n Additional Assignments: To Be Determined

Download ppt "Certification and Accreditation CS-7493-01 Syllabus Ms Jocelyne Farah Mr Clinton Campbell."

Similar presentations

METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.

METRICS AND CONTROLS FOR DEFENSE IN DEPTH AN INFORMATION TECHNOLOGY SECURITY ASSESSMENT INITIATIVE.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
The Common Criteria for Information Technology Security Evaluation

The Common Criteria for Information Technology Security Evaluation
The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.
DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.
INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.

INFORMATION SYSTEMS & GLOBAL SERVICES Craig Solem, CISSP Lockheed Martin Information Systems and Global Services Program Manager, Joint Medical information.
SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.

SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.
DISN Video Services September 21, 2009 An Overview of the VTF DIACAP Process A Combat Support Agency Defense Information Systems Agency.

DISN Video Services September 21, 2009 An Overview of the VTF DIACAP Process A Combat Support Agency Defense Information Systems Agency.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
CS 591 DITSCAP1 E-voting DITSCAP Project UCCS POC: Edward Chow Boeing POC: Izzy Rodriguez Team: Samarpita Hurkute Kunal Bele Kunal Bele Shin Nam Shin Nam.

CS 591 DITSCAP1 E-voting DITSCAP Project UCCS POC: Edward Chow Boeing POC: Izzy Rodriguez Team: Samarpita Hurkute Kunal Bele Kunal Bele Shin Nam Shin Nam.
Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1.

Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1.
Information Systems Security Officer

Information Systems Security Officer
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Similar presentations

Ads by Google