Information Assurance—Certification & Accreditation Transformation (IA C&A)
Information Assurance (IA) is the practice of managing information-related risks.
C&A stands for Certification and Accreditation.
The US Government's definition of information assurance is:
“measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”
This page provides details of the Definitive Guide to the C&A Transformation across the National Security Community.
The IA C&A transformation is a partnership that stretches across the Department of Defense, Office of National Intelligence, Committee on National Security Systems, National Institute of Science and Technology, and the Office of Management and Budget.
IT Governance has published a book that covers this area in great detail.
The Definitive Guide to the C&A Transformation
The Definitive Guide to the C&A Transformation provides an authoritative guide to authorization for those with knowledge of information systems and/or information systems security but not necessarily the same level of expertise with certification and accreditation (C&A) standards and best practices. It points to references for further knowledge.
The book is scoped to present the information needed to meaningfully recognize, implement, and manage authorization requirements and achieve compliance with federal, local, and agency laws and policies.
This book provides a useful authorization-process reference for security practitioners, system administrators, managers, standards developers, evaluators, testers, and those who just want to be knowledgeable about the establishment and sustainment of a secure information environment.
For over three decades, the authors of this book have been deeply involved in developing C&A policy and, even more importantly, in actually providing hands-on help to organizations—ranging from large federal agencies to commercial entities—successful navigate the C&A process.