Beyond the Preoccupation with Certification & Accreditation

by Kevin Esser
Sept. 1, 2017 0 comments SANS Institute accreditation, c&a, rmf

Seeking and achieving formal Certification and Accreditation of systems designed for use within the Department of Defense is a statutory requirement and a necessary part of a system’s overall Information Assurance program. A singular focus on this “process” objective, however, too often overshadows critical Information Assurance engineering activities necessary during system design.

https://www.sans.org/reading-room/whitepapers/accreditation/preoccupation-certification-accredita...