Certification and Accreditation: A madmans dilemma - Costs

by Robert Edwards
Sept. 1, 2017 0 comments SANS Institute accreditation, c&a, rmf

When associating the various documents needed to conduct a CAP, it is most confusing in trying to actually place a dollar value to this process. Remember there are a multitude number of ways of conducting a CAP. Table 6 provides an example of how to estimated the cost of conducting a CAP. For simplicity we use the DOD 8510.1-M Appendix 1 format for System Security Authorization Agreement (SSAA) each corresponding Appendix will have the title only and not the Appendix Letter (you see the similarity between your process and this process). Remember the federal government does not share information with other federal agencies let alone within its boundary as well. “We don’t share our information with anyone that includes our own subordinate organizations”.

https://www.sans.org/reading-room/whitepapers/accreditation/certification-accreditation-madmans-d...