The National Information Assurance Certification and Accreditation Process (NIACAP) formalizes the certification and accreditation process for U.S. government national security information systems. NIACAP consists of four phases (definition, verification, validation and post-accreditation) that generally correspond to the DITSCAP phases. In addition, NIACAP defines three types of accreditation.

One of the advantages of the SANS 20 Critical Security Controls is that they give an organization 20 individual touchstones it can act on. They start with basic audit information. In Step 1, inventory all authorized and unauthorized devices. This can mean going to each workstation and checking the system logs to determine whether USB drives, music players or phones have been connected to the computer. The second step is to inventory software in the same way. Often a user will download software without knowing that he has broken the IT rules of his organization. These two basic reviews must be conducted annually for some organizations and more often for others. For more information, visit the SANS.ORG website.

The certifier, not the DAA, determines the existing residual risk level and issues the accreditation recommendation. The DAA determines what level of residual risk is acceptable for a system. The other answers about the DAA are true.

To give organizations a starting point for developing their own security management systems, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed a set of standards known as the ISO/IEC 27000 family of information security management system standards. This set of standards, starting with ISO/IEC 27001, allows organizations to certify their security management systems. For more information, see WWW.ISO.ORG. Alternatively, some organizations follow the SANS 20 Critical Security Controls (www.sans.org/critical-security-controls/), 20 critical security checks that guide you through a 20-step monitoring process for your organization.