Date Published: May 2004
Author(s)
Ron Ross (NIST), Marianne Swanson (NIST), Gary Stoneburner (NIST), Stuart Katzke (NIST), L. Johnson (NIST)
The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: i) enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; ii) promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and iii) creating more complete, reliable, and trustworthy information for authorizing officials--to facilitate more informed security accreditation decisions.
The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal...
See full abstract
The purpose of this publication is to provide guidelines for the security certification and accreditation of information systems supporting the executive agencies of the federal government. The guidelines have been developed to help achieve more secure information systems within the federal government by: i) enabling more consistent, comparable, and repeatable assessments of security controls in federal information systems; ii) promoting a better understanding of agency-related mission risks resulting from the operation of information systems; and iii) creating more complete, reliable, and trustworthy information for authorizing officials--to facilitate more informed security accreditation decisions.
Hide full abstract
Keywords
information systems; SDLC; security accreditation; security certification; System Development Life Cycle
Control Families
None selected
