NIST 800-37 Certification & Accreditation Process
Transcript of NIST 800-37 Certification & Accreditation Process
The diagram is a swim-lane chart. Each lane is a primary responsibility (System Owner, Authorizing Official, Certification Agent). Each box names an activity, the SDLC phase in which it occurs, the tasks performed, and the NIST 800-37 phase to which it belongs. The diagram labels the boxes Phase 1 – Task 1 through Phase 4 – Task 10; the boxes are listed below in that order.

NIST 800-37 Risk Management & Certification and Accreditation Tasks

Phase 1 – Task 1: Prepare Documentation
SDLC phase: Initiation (Phase 1)
Tasks:
1. Describe the System
2. Categorize its C.I.A.
3. Identify Threats to it
4. Identify its Vulnerabilities
5. Identify In-Place and Planned Security Controls
6. Determine its Initial Risks
NIST 800-37 phase: Initiation

Phase 1 – Task 2: Notify Officials & Identify Resources
SDLC phase: Planning (Phase 3)
Tasks:
1. Notify Program Officials
2. Identify Resources Needed and Plan Execution of Activities
NIST 800-37 phase: Initiation

Phase 1 – Task 3: Analyze, Update & Accept System Security Plan
SDLC phase: Multiple Phases (4-6)
Tasks:
1. Review Security C.I.A. Categorizations
2. Analyze Security Plan
3. Update Security Plan
4. Obtain Authorizing Official Acceptance of Security Plan
NIST 800-37 phase: Initiation

Phase 2 – Task 4: Assess & Evaluate Security Controls
SDLC phase: Integration & Test (Phase 7)
Tasks:
1. Prepare Documentation & Supporting Materials
2. Review Methods and Test Procedures
3. Assess & Evaluate In-Place Security Controls
4. Report Security Assessment Results
NIST 800-37 phase: Certification

Phase 2 – Task 5: Document Security Certification
SDLC phase: Integration & Test (Phase 7)
Tasks:
1. Provide Findings and Recommendations
2. Update Security Plan
3. Prepare Plan of Action & Milestones
4. Assemble Accreditation Package
NIST 800-37 phase: Certification

Phase 3 – Task 6: Make Security Accreditation Decision
SDLC phase: Integration & Test (Phase 7)
Tasks:
1. Determine Final Risk Levels
2. Accept Residual Risk
NIST 800-37 phase: Accreditation

Phase 3 – Task 7: Document Security Accreditation
SDLC phase: Integration & Test (Phase 7)
Tasks:
1. Transmit Security Accreditation Package
2. Update Security Plan
NIST 800-37 phase: Accreditation

Phase 4 – Task 8: Manage & Control Configuration
SDLC phase: O&M (Phase 9)
Tasks:
1. Document System Changes
2. Analyze Security Impacts
NIST 800-37 phase: Monitoring

Phase 4 – Task 9: Monitor Security Controls
SDLC phase: O&M (Phase 9)
Tasks:
1. Select In-Place Security Controls
2. Assess Selected Security Controls
NIST 800-37 phase: Monitoring

Phase 4 – Task 10: Report & Document Status
SDLC phase: O&M (Phase 9)
Tasks:
1. Update Security Plan
2. Update Plan of Action & Milestones
3. Report Status
NIST 800-37 phase: Monitoring

Legend: Primary Responsibility (swim lane); SDLC phase; NIST 800-37 phase.
Presented By Dr. Tim McGuinness www.RegulatoryPro.us