Your internal C&A team, responsible for developing the C&A package for its federal agency, has been asked to attend a meeting with the senior executive in charge of information technology who wishes to understand the security requirements, threats, vulnerabilities, controls, and risks to the agency. Explain at a high level how your team will follow the C&A process as mandated by the Federal Information Security Management Act (FISMA), and the expected components of your C&A package that is being developed for the agency.
The overall objective for this discussion question is to explain the following:
- Discuss the specifics of the C&A assessment process being conducted by your internal C&A team by using some of the following concepts in the discussion:
  - Description of the 4 primary types of C&A: National Institute of Standards and Technology (NIST), National Information Assurance Certification and Accreditation (NIACAP), Department of Defense Information Technology Security and Accreditation Process (DITSCAP), and Director of Central Intelligence Directive (DCID) 6/3
  - Explanation of the logical steps for preparation of a C&A audit/review and roles of the audit/review team
  - Description of the type of tasks required to put a C&A program into place and the required documents and guidelines needed to establish the program
- Respond to the postings of at least 2 of your classmates.
Please use APA for any references used in your research of these topics.
Due By (Pacific Time): 04/28/2015 06:00 pm