National Information Assurance Certification and Accreditation Process
The National Information Assurance Certification and Accreditation Process (NIACAP) formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership.
The Committee on National Security Systems (CNSS) Policy (CNSSP) No. 22 dated January 2012 cancelled CNSS Policy No. 6, “National Policy on Certification and Accreditation of National Security Systems,” dated October 2005, and National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 1000, “National Information Assurance Certification and Accreditation Process (NIACAP),” dated April 2000. CNSSP No. 22 also states that "The CNSS intends to adopt National Institute of Standards and Technology (NIST) issuances where applicable. Additional CNSS issuances will occur only when the needs of NSS are not sufficiently addressed in a NIST document. Annex B identifies the guidance documents, which includes NIST Special Publications (SP), for establishing an organization-wide risk management program." It directs the organization to make use of NIST Special Publication 800-37, which implies that the Risk management framework (RMF) STEP 6 – AUTHORIZE INFORMATION SYSTEM replaces the Certification and Accreditation process for National Security Systems, just as it did for all other areas of the Federal government who fall under SP 800-37 Rev. 1.
References
[edit]- "National Policy on Certification and Accreditation of National Security Systems" (PDF). Archived from the original (PDF) on August 7, 2008. Retrieved December 30, 2009.
- "National Information Assurance Certification and Accreditation Process (NIACAP)" (PDF). Archived from the original (PDF) on October 6, 2008. Retrieved December 30, 2009.
- Committee on National Security Systems (2012), Committee on National Security Systems (CNSS) Policy (CNSSP) No. 22: Policy on Information Assurance Risk Management for National Security Systems, Washington, D.C.: Committee on National Security Systems
- JOINT TASK FORCE TRANSFORMATION INITIATIVE (2010), NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, Washington, D.C.: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, U.S. Department of Commerce, doi:10.6028/NIST.SP.800-37r1