Certification and Accreditation: A madmans dilemma - Controls

by Robert Edwards Sept. 1, 2017 via SANS Institute

During the Certification and Accreditation of an Information System an organization defines what supporting documentation is needed in order to accredit the information system in question. But each accreditation process is different in that the requirements needed depends on what you are accrediting either a Major Application or a General Support System. But you still need to remember what exactly you are accrediting.

https://www.sans.org/reading-room/whitepapers/auditing/certification-accreditation-madmans-dilemm...