Courses

S50 - Certification and Accreditation (C&A): Achieving Confidence and Accountability
(1 day)

Course Description

The Government Security Policy (GSP) mandates that departments certify and accredit all IT systems prior to operation. Certification, the actual verification of security functionality, aims to support accreditation, which is the management decision to accept any remaining risks. This course examines the C&A processes for evaluating system safeguards and establishing accountability for their implementation.

Outline
  • Review the rationale for C&A
  • Develop a certification plan
  • Assemble a certification team
  • Validate system security requirements
  • Verify safeguard implementation
  • Prepare a certification report
  • Assign accreditation authority
  • Issue the accreditation decision
  • Recertify and reaccredit as necessary
Audience
Business planners and project managers, as well as IT practitioners and IT security specialists in both the public and private sectors.
Course Level
Intermediate

Recommended preparation: Course S33 - Introduction to Information Technology Security: The Management and Technology of Cyber Protection, or equivalent.
Prerequisite(s)
None
Special Note(s)
None
Additional Readings/Instructor-suggested URLs
Treasury Board Secretariat
  • Government Security Policy
  • Management of Information Technology Security (MITS)
http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_12A/siglist_e.asp

Communications Security Establishment
A Guide to Security Risk Management for IT Systems (MG-2)
http://www.cse-cst.gc.ca/publications/gov-pubs/itsg/mg2-e.html

A Guide to Risk Assessment and Safeguard Selection for IT Systems (MG-3)
http://www.cse-cst.gc.ca/publications/gov-pubs/itsg/mg3-e.html

A Guide to Certification and Accreditation for IT Systems (MG-4)
http://www.cse-cst.gc.ca/publications/gov-pubs/itsg/mg4-e.html

Threat and Risk Assessment Working Guide (ITSG-04)
http://www.cse-cst.gc.ca/publications/gov-pubs/itsg/itsg04-e.html

National Institute of Standards and Technology
Guide to Information Technology Security Services
(Special Publication 800-35) / PDF
http://csrc.nist.gov/publications/nistpubs/800-35/NIST-SP800-35.pdf

Guide for the Security Certification and Accreditation of Federal Information Technology Systems
(Special Publication 800-37) / PDF
http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37-final.pdf

Security Requirements for Cryptographic Modules (FIPS 140-2)
http://csrc.nist.gov/cryptval/

Common Criteria
http://www.commoncriteriaportal.org
Date(s)
(E) = English, (F) = French
January 16, 2006 (F)
February 6, 2006 (E)
Fee
To be determined by The Institute (PWGSC). See their website to register and for additional information: www.pwgsc.gc.ca/institute/text/sec02-e.html