Welcome to Scribd!

0% found this document useful (0 votes)

96 views

CDC Security Certification and Accreditation Plan (Intranet)

Uploaded by

The CDC Certification & Accreditation (C&A) process ensures that information systems have appropriate security controls and ongoing monitoring. It also requires periodic reassessment when systems change. The C&A process is mandated by laws including the Computer Security Act, E-Government Act, and FISMA, which require agencies to plan security, assign responsibilities, review controls, and authorize systems. All computers must have adequate security based on risk. Server systems require individual analysis and C&A while personal computers may receive blanket C&A. Security certification evaluates existing controls while accreditation is management's authorization to operate a system based on documented risks.

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

CDC Security Certification and Accreditation Plan (Intranet)

Uploaded by

Jared

0% found this document useful (0 votes)

96 views2 pages

Original Title

CDC Security Certification and Accreditation Plan (Intranet).docx

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Download as docx, pdf, or txt

0% found this document useful (0 votes)

96 views2 pages

CDC Security Certification and Accreditation Plan (Intranet)

Uploaded by

Jared

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Download as docx, pdf, or txt

Jump to Page

You are on page 1of 2

Search inside document

http://intranet.cdc.

gov/ociso/canda/

Security Certification & Accreditation (C&A)

The CDC Certification & Accreditation (C&A) process ensures that information systems are operating with

appropriate management review, that ongoing security control monitoring occurs, and that reaccreditations

take place periodically or there is a significant change to an information system or its environment.

Legal Basis and Requirements

Based on the legislation identified below, the Office of Management and Budget (OMB) requires federal

government agencies to: (1) plan for security; (2) ensure that security responsibilities are assigned; (3)
periodically review information system security controls; and (4) authorize system processing prior to

operations and periodically, thereafter.

Public Law 100-235, the Computer Security Act of 1987, requires a risk-based security approach
policy to ensure for cost-effective Information Technology (IT) security.

The E-Government Act (Public Law 107-347), signed into law in December 2002, recognizes
information security' importance to United States economic and national security interests. Title III of
the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires
each federal agency to develop, document, and implement an agency-wide information security
program.

FISMA, along with the Paperwork Reduction Act of 1995 and the 1996 Clinger-Cohen Act, explicitly
emphasize a risk-based policy for cost-effective security.

Systems Requiring Certification

All computers, down to the individual PC, must be provided adequate security or security equal with the risk

and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of

information. Personal computers in many cases receive blanket C&A due to common system characteristics.

Server-based computers hosting applications require more analysis and generally require individual C&A.

System environment analysis is often necessary to define system specific C&A requirements.

Security Certification

Security Certification is a comprehensive evaluation of CDC management, operational, and technical

security controls for an information system. This evaluation documents the effectiveness of existing security

controls in a particular operational environment and includes recommendations to implement additional

controls to mitigate outstanding system vulnerabilities. Security certification results are used to assess risks

to the system and update the system's security plan.

Security Accreditation
Security Accreditation is the official CDC management decision to authorize an information system to

operate. By accrediting an information system, a CDC official is explicitly acknowledging his or her

responsibility for adverse impacts to the CDC resulting from the documented risk levels for the system. The

C&A documents provide the factual basis for a CDC authorizing official to render a security accreditation

decision. It is essential that CDC officials have the most complete, accurate, and trustworthy information

possible to make credible, risk-based decisions on whether to authorize system operation.

Page Last Updated: January 19, 2012

Armadi Refrigerati-Perfekt-Perfekt Plus v01 en
Document45 pages
Armadi Refrigerati-Perfekt-Perfekt Plus v01 en
Serhat Yakar
No ratings yet
Crashworthiness of Transportation Systems: Structural I Mpact and Occupant Protection
Document623 pages
Crashworthiness of Transportation Systems: Structural I Mpact and Occupant Protection
Abhilash R M
No ratings yet
Barko Barko Barko Barko Barko Loaders Loaders Loaders Loaders Loaders
Document185 pages
Barko Barko Barko Barko Barko Loaders Loaders Loaders Loaders Loaders
alexandre desdoits
No ratings yet
School of Medicine Interview Information 2023 v1
Document4 pages
School of Medicine Interview Information 2023 v1
dovid
No ratings yet
Vacancy Notice INT03143
Document4 pages
Vacancy Notice INT03143
Jose E Oyono
No ratings yet
BTDD Create Bulk Linkages Between Client and Depots On H02 MFC725 v0 3
Document6 pages
BTDD Create Bulk Linkages Between Client and Depots On H02 MFC725 v0 3
Surya
No ratings yet
Basel I I I Presentation 1
Document32 pages
Basel I I I Presentation 1
madhusudhanan
No ratings yet
Collaborative Institutional Training Initiative (CITI) : Guide To Registration and Completing Training
Document20 pages
Collaborative Institutional Training Initiative (CITI) : Guide To Registration and Completing Training
sreven88
No ratings yet
Slack Gosdl Parsed Checklist PDF
Document7 pages
Slack Gosdl Parsed Checklist PDF
Chafiz Paugust
No ratings yet
Adjusting Entries Quiz - Accounting Coach
Document4 pages
Adjusting Entries Quiz - Accounting Coach
Sudip Bhattacharya
No ratings yet
PW Nelson Salmo Oct18
Document56 pages
PW Nelson Salmo Oct18
Pennywise Publishing
No ratings yet
Welch Allyn PDF
Document15 pages
Welch Allyn PDF
srikanth Posa
No ratings yet
Other Supplemental Guidance
Document8 pages
Other Supplemental Guidance
fadhlinaa
No ratings yet
013 - 015 Online Banking System
Document11 pages
013 - 015 Online Banking System
YUSUF ABDULMALIK
No ratings yet
1.1,1.2,1.3-Grid Computing and Utility Computing
Document20 pages
1.1,1.2,1.3-Grid Computing and Utility Computing
coderanonymous5
No ratings yet
Authenticom Corporate Brochure - DMS Integration and Automotive Data Management Solutions
Document20 pages
Authenticom Corporate Brochure - DMS Integration and Automotive Data Management Solutions
Authenticom, Inc.
No ratings yet
Navigation Update User Guide: Business Team 2 Hyundai Mnsoft DEC, 2020
Document89 pages
Navigation Update User Guide: Business Team 2 Hyundai Mnsoft DEC, 2020
bakcho
No ratings yet
China Now Has A Flying Propaganda Machine
Document8 pages
China Now Has A Flying Propaganda Machine
Mce Reg
No ratings yet
Unit4 FPA BARC Planning Survey 2022
Document33 pages
Unit4 FPA BARC Planning Survey 2022
Javier Alonso Fernández
No ratings yet
Summary
Document5 pages
Summary
small mochi
No ratings yet
CMDC Construction Management in Developing Countries Chapter 1 July2023
Document78 pages
CMDC Construction Management in Developing Countries Chapter 1 July2023
harikshrestha
No ratings yet
GAMP FR PP20201001 001 v0100EN PDF
Document5 pages
GAMP FR PP20201001 001 v0100EN PDF
Harish Gopinath
No ratings yet
Children S Social Care Stable Homes Consultation February 2023
Document220 pages
Children S Social Care Stable Homes Consultation February 2023
Busyharriedmum
No ratings yet
CS507 Subjective Questions
Document49 pages
CS507 Subjective Questions
Miralkhan003 Miralkhan003
No ratings yet
CV MinhHieu
Document2 pages
CV MinhHieu
Hiếu Trần Lê Minh
No ratings yet
Atul Kumar
Document3 pages
Atul Kumar
dubeyabhishek504
No ratings yet
2010 Eibctugs
Document2 pages
2010 Eibctugs
xxx
No ratings yet
Kaur 2020
Document7 pages
Kaur 2020
renohe9897
No ratings yet
EPA Region 7 Communities Information Digest - Dec 5, 2014
Document7 pages
EPA Region 7 Communities Information Digest - Dec 5, 2014
EPA Region 7 (Midwest)
No ratings yet
Quick Facts On Labour Rev
Document2 pages
Quick Facts On Labour Rev
Lois Balogun
100% (1)
DataVision International Limited - Company Profile
Document11 pages
DataVision International Limited - Company Profile
William Mgaya
0% (1)
Fake Experience Letters Provied It Soft Ware
Document7 pages
Fake Experience Letters Provied It Soft Ware
Lohith Kumar
No ratings yet
The Shortcut Guide To: Improving IT Service Support Through ITIL
Document103 pages
The Shortcut Guide To: Improving IT Service Support Through ITIL
tonyjames12
No ratings yet
Understanding The Risks of Mobile Apps
Document7 pages
Understanding The Risks of Mobile Apps
blussiertt
No ratings yet
Hawk's FoE Info Sheet
Document120 pages
Hawk's FoE Info Sheet
Ego Itoman
No ratings yet
Wrtitten Assignment Unit 1
Document6 pages
Wrtitten Assignment Unit 1
Francis Desoliviers Winner-Bluheart
No ratings yet
Oracle BPA 11g Quick Start Sample Guide
Document210 pages
Oracle BPA 11g Quick Start Sample Guide
Lora Vit
No ratings yet
B.Tech Civil Syllabus AR16 Revised
Document227 pages
B.Tech Civil Syllabus AR16 Revised
abhiram_23355681
No ratings yet
SME Server Documentation
Document111 pages
SME Server Documentation
mmchokies
100% (1)
Bermuda Digest of Statistics 2022
Document121 pages
Bermuda Digest of Statistics 2022
BernewsAdmin
No ratings yet
(Vặn cap, cylinder LP1) 1500 - operations - manual
Document203 pages
(Vặn cap, cylinder LP1) 1500 - operations - manual
NguyễnTuấnAnh
No ratings yet
ECA Virtual IT Systems in A GXP Environment
Document4 pages
ECA Virtual IT Systems in A GXP Environment
Hemant Goswami
No ratings yet
Health Check Brochure
Document20 pages
Health Check Brochure
Venkataraman Ramamoorthy
No ratings yet
Cloud Service Provider
Document5 pages
Cloud Service Provider
Subhana Hashmi
No ratings yet
Dell and Intel Security Thought Leadership
Document11 pages
Dell and Intel Security Thought Leadership
Avanish Divya
No ratings yet
AET Aetna 2017 Investor Day Presentation - Final (For Website) PDF
Document73 pages
AET Aetna 2017 Investor Day Presentation - Final (For Website) PDF
Ala Baster
No ratings yet
Audit 2 l9 Computers in Audit
Document100 pages
Audit 2 l9 Computers in Audit
Gen Abulkhair
No ratings yet
NAVEX Global DOJ Presentation FINAL
Document28 pages
NAVEX Global DOJ Presentation FINAL
Hasib
No ratings yet
Adidas
Document3 pages
Adidas
Debarshee Mukherjee
No ratings yet
Employee UAN Activation Process
Document8 pages
Employee UAN Activation Process
universal services
No ratings yet
Deity State - Data Center Policy
Document10 pages
Deity State - Data Center Policy
Harum
No ratings yet
Fraud Awareness Training: Detection and Prevention
Document20 pages
Fraud Awareness Training: Detection and Prevention
DataMis EliosHealthCare
No ratings yet
SCM Preparation Wise
Document31 pages
SCM Preparation Wise
Radha Krishna - with you
No ratings yet
Communication Internship
Document10 pages
Communication Internship
Marissa Kerins
No ratings yet
Written Assignment (Unit 3) Entrepreneurship
Document4 pages
Written Assignment (Unit 3) Entrepreneurship
Anna Akolade
No ratings yet
PAM in Most Reasonable Price in India.
Document26 pages
PAM in Most Reasonable Price in India.
Iraje Software
No ratings yet
JOURNAL46 Full Web
Document238 pages
JOURNAL46 Full Web
Yahya Mousaoui
No ratings yet
SM32X Release Note
Document26 pages
SM32X Release Note
Andrei Ba
No ratings yet
NCSC-TG-004 Glossary of Computer Security Terms (Teal Book)
Document61 pages
NCSC-TG-004 Glossary of Computer Security Terms (Teal Book)
Robert Vale
No ratings yet
Violet Book
Document61 pages
Violet Book
kivihuwi
No ratings yet
Information Systems For Business and Beyond PDF
Document167 pages
Information Systems For Business and Beyond PDF
johnatan17
No ratings yet
Towards A National Disability Information System
Document11 pages
Towards A National Disability Information System
Jared
No ratings yet
BT421 - Analysis and Development of Information Systems: Instructor: Email: Telephone: Office Hours
Document6 pages
BT421 - Analysis and Development of Information Systems: Instructor: Email: Telephone: Office Hours
Jared
No ratings yet
Management Information Strategy: Swansea University
Document7 pages
Management Information Strategy: Swansea University
Jared
No ratings yet
Master of Science in Information Systems & Technology Management Submitted by The College of Business & Economics I: Description
Document33 pages
Master of Science in Information Systems & Technology Management Submitted by The College of Business & Economics I: Description
Jared
No ratings yet
Standard Responseto Requestfor Information Windows Azure Security Privacy
Document67 pages
Standard Responseto Requestfor Information Windows Azure Security Privacy
Jared
No ratings yet
Last Year's Ex Sol
Document9 pages
Last Year's Ex Sol
Jared
No ratings yet
Information Security Plan Template
Document14 pages
Information Security Plan Template
Jared
No ratings yet
Information System Contingency Plan Template
Document44 pages
Information System Contingency Plan Template
Jared
No ratings yet
The Australian Apprenticeships Management System - IT Overview
Document3 pages
The Australian Apprenticeships Management System - IT Overview
Jared
No ratings yet
Unit Outline : MGMT8620 Management of Information Systems
Document8 pages
Unit Outline : MGMT8620 Management of Information Systems
Jared
No ratings yet
The Effect of Management Information System On Achievement of Organization Objectives
Document27 pages
The Effect of Management Information System On Achievement of Organization Objectives
Jared
0% (1)
University Certificate in Computers and Management Information Systems (30 Credits)
Document1 page
University Certificate in Computers and Management Information Systems (30 Credits)
Jared
No ratings yet
Research Grants Management Information System Meeting
Document1 page
Research Grants Management Information System Meeting
Jared
No ratings yet
Records Management Program Records Management Procedures Manual
Document26 pages
Records Management Program Records Management Procedures Manual
Jared
No ratings yet
Noah Brubaker: Education
Document4 pages
Noah Brubaker: Education
Jared
No ratings yet
ENISA Report - Post-Quantum Cryptography Current State and Quantum Mitigation-V2
Document46 pages
ENISA Report - Post-Quantum Cryptography Current State and Quantum Mitigation-V2
anlemaco
No ratings yet
ROS 15-01-149 C001 R4.1 IEC 61508 Certificate 5408
Document2 pages
ROS 15-01-149 C001 R4.1 IEC 61508 Certificate 5408
mohamed ashor
No ratings yet
PPT ch02
Document61 pages
PPT ch02
Matthew Young
No ratings yet
Safety Light Curtains - OMRON
Document11 pages
Safety Light Curtains - OMRON
narshih
No ratings yet
C-Kyc Frequently Asked Questions (Faq) : Section A: General Faqs
Document9 pages
C-Kyc Frequently Asked Questions (Faq) : Section A: General Faqs
Anuj Kumar
No ratings yet
ISO27k Controls Cross Check
Document6 pages
ISO27k Controls Cross Check
Christen Castillo
No ratings yet
In Ra Managing Risk in Digital Transformation 1 Noexp
Document16 pages
In Ra Managing Risk in Digital Transformation 1 Noexp
Shafira Amanda
No ratings yet
Blue Jacking
Document2 pages
Blue Jacking
Sahil Sethi
No ratings yet
Zero-Day Exploit Detection
Document2 pages
Zero-Day Exploit Detection
serzhan
No ratings yet
Importance of Testing
Document3 pages
Importance of Testing
Shazmania
No ratings yet
Cloud Service Provider
Document5 pages
Cloud Service Provider
Subhana Hashmi
No ratings yet
Daftar Nilai Harian Kurtilas Kelas 6
Document57 pages
Daftar Nilai Harian Kurtilas Kelas 6
Apri Dwi Prasetyo
No ratings yet
Introduction To Networks
Document4 pages
Introduction To Networks
chelle1nn
No ratings yet
A Practical Guide To A Zero Trust Implementation
Document14 pages
A Practical Guide To A Zero Trust Implementation
JAVIER SANTIAGO FLOREZ NAVAS
No ratings yet
LACDP - Form - Membership - Alternate Appointment 2008-2010
Document1 page
LACDP - Form - Membership - Alternate Appointment 2008-2010
roblesdemocrat
No ratings yet
Cardless Withdrawal Frequently Asked Questions
Document2 pages
Cardless Withdrawal Frequently Asked Questions
Michelle Dimalanta
No ratings yet
Assignment 1
Document2 pages
Assignment 1
Hammad Kabir
No ratings yet
SAP HANA Application Lifecycle Management en
Document164 pages
SAP HANA Application Lifecycle Management en
miscio4229
100% (1)
OAJIS - 14 - 1153 Yosua Alberth Sir
Document6 pages
OAJIS - 14 - 1153 Yosua Alberth Sir
yosua alberth sir
No ratings yet
ECS4210 - Series - CLI Manual
Document712 pages
ECS4210 - Series - CLI Manual
Angga Wijaya
No ratings yet
Catalog UK
Document140 pages
Catalog UK
carniz8912
No ratings yet
Eric S. Yuan Ryan Azus Aparna Bawa: CEO & Founder Chief Revenue Officer Chief Legal Officer
Document2 pages
Eric S. Yuan Ryan Azus Aparna Bawa: CEO & Founder Chief Revenue Officer Chief Legal Officer
Ritish
No ratings yet
Data Privacy Act Seminar
Document2 pages
Data Privacy Act Seminar
Joan Baltazar
No ratings yet
Data Bitlocker Maintenance Laptop
Document48 pages
Data Bitlocker Maintenance Laptop
mas bro
No ratings yet
Process Flow of 'PM KISSAN SAMMAN NIDHI
Document20 pages
Process Flow of 'PM KISSAN SAMMAN NIDHI
subhalaxmi computer
No ratings yet
Analysis of EAP-SIM Session Key Agreement: Sarvar Patel
Document4 pages
Analysis of EAP-SIM Session Key Agreement: Sarvar Patel
abogela geraine
No ratings yet
Unit-5 (OS)
Document45 pages
Unit-5 (OS)
rishi reddy
No ratings yet
An Introduction To MariaDB's Data at Rest Encryption (DARE) - Part 1
Document2 pages
An Introduction To MariaDB's Data at Rest Encryption (DARE) - Part 1
Stephen Efange
No ratings yet
Meters & Metering Cabinet & MCCB
Document30 pages
Meters & Metering Cabinet & MCCB
natsclimbers
No ratings yet
VSFTP in Linux
Document26 pages
VSFTP in Linux
Aji Kurniawan Rahman
50% (2)