CERTIFICATION AND ACCREDITATION OF INFORMATION SYSTEMS

DM 3555-000

 

TABLE OF CONTENTS

 

                                            


 

Chapter 11 – General Information

 

1          Purpose

2          Cancellation

3          References

4          Scope

5          Abbreviations

6          Definitions and Terms

 

3555-001

Part 1 – Certification and Accreditation Methodology

 

1          Background

2          Policy

3          Procedures

4          Responsibilities

 

Appendices

 

A         USDA Certification and Accreditation Guide

B          Privacy Impact Assessment

C         System of Records Notice Guidance

D         Interconnection Security Agreement

 

 

 

 

U.S. DEPARTMENT OF AGRICULTURE

WASHINGTON, D.C. 20250

 

 

DEPARTMENTAL MANUAL

 

Number: 3555-000

SUBJECT: Certification and Accreditation

DATE: October 18, 2005

OPI: OCIO, Cyber Security

 

        

CHAPTER 11

GENERAL INFORMATION

 

 

1          PURPOSE

           

This Departmental Manual Chapter establishes the Certification and Accreditation (C&A) methodology within USDA. Specifically, it creates C&A policy and a standard process with general tasks to certify and accredit Information Technology (IT) systems supporting USDA’s mission.

 

2          CANCELLATION

 

This Departmental Manual chapter will be in effect until superseded.

 

 

3          REFERENCES

 

E-Government Act of 2002, Pub. L. No. 107-347, 44 U.S.C. 3531 et seq., Title III, Federal Information Security Management Act (FISMA);

 

Privacy Act, as Amended, 5 U.S.C. 552a;

 

USDA Privacy Act Implementation, 7 C.F.R. 11 et seq.;

 

OMB Circular A-130, Appendix III, Security of Federal Automated Information Resources;

 

NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems;

NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems;

NIST Special Publication 800-37, Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems; and

 

Cyber Security Manual, DM 3500.

 

 

4          SCOPE

 

This manual applies to all USDA agencies, programs, teams, organizations, appointees, employees and other activities.

 

 

5          ABBREVIATIONS

 

See USDA Certification and Accreditation Guide, Appendix A – Acronyms, Table A-2

 

 

6          DEFINITIONS AND TERMS

 

See USDA Certification and Accreditation Guide, Appendix A – Glossary of Terms, A-1