Someone recently asked for a list of links to learn more about the C&A processes. This list was created by Jeffrey Widom. (Thank you Jeffrey.)
Jeffrey Widom's Top Ten List — IA Resources Online
10. DoD IA Training
Online training provided by the Defense Information Systems
Agency; includes a brief DIACAP overview.
9. DSS
Defense Security Service web site for the National
Industrial Security Program. This information mostly concerns contractors
handling clearances, classified documents, and/or classified computer systems
on their premises.
8. DISA (NIPRNet/SIPRNet)
Defense Information Systems Agency web site for Secret
Internet Protocol Router Network (SIPRNet) and
Non-classified Internet Protocol Router Network (NIPRNet)
connection approval processes.
7. CNSS
Web site for the Committee on National Security Systems, including
numerous publications. CNSS Instruction 4009, the National Information
Assurance Glossary, was recently revised and is available for download. CNSS
Instruction 1253 provides requirements for National Security Systems.
6. OMB Memoranda
Web site for Office of Management and Budget (OMB)
Memoranda, including those that address security, privacy and FISMA
requirements.
5. STIGs
Defense Information Systems Agency web site for Security
Technical Implementation Guides (STIGs), Security Checklists, and Security Readiness
Review (SRR) scripts. STIGs contain detailed configuration guidance for
operating systems, databases, web servers, wireless systems, etc., and are
mandatory for all DoD information systems. SRR scripts are automated tools that
assist in validating STIG compliance.
4. DIACAP Knowledge Service
Official Department of Defense web site for DIACAP. Common
Access Card (or commercial certificate and DoD employee sponsor) required for
access.
3. DoD Directives
Official Department of Defense web site for DoD Issuances
including Directives, Instructions, Publications, Administrative Instructions,
and Directive-Type Instructions.
2. FIPS
Official NIST web site for Federal Information Processing
Standards (FIPS). FIPS Publications are issued by NIST after approval by the
Secretary of Commerce pursuant to Section 5131 of the Information Technology
Reform Act of 1996 (Public Law 104-106) and the Federal Information Security
Management Act of 2002 (Public Law 107-347).
1. NIST Special Publications
Official NIST web site for Special Publications. Special
Publications in the 800 series present documents of general interest to the computer
security community. Special Publications include documentation of the new Risk
Management Framework (RMF) that will (hopefully) become the standard for all
federal information systems.