Laura Taylor

Chapter 1 – What Is Certification and Accreditation?

OMB Circular A-130, Appendix III and the Federal Information Security Management Act (FISMA) requires that all federal agencies institute an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency. This includes those systems provided or managed by another agency, contractor, or other source. All USDA agencies shall institute a comprehensive assessment of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting a specified set of security requirements for the system. These actions are referred to as system certifications. Certification supports the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations, agency assets, or individuals based on the implementation of an agreed-upon set of security controls. This decision is referred to as system accreditation.