Table of Contents

EXECUTIVE SUMMARY

CHAPTER 1 INTRODUCTION

1.1 PURPOSE AND APPLICABILITY

1.2 SYSTEM DEVELOPMENT LIFE CYCLE

1.3 ORGANIZATION OF THIS SPECIAL PUBLICATION

CHAPTER 2 THE FUNDAMENTALS

2.1 SECURITY CERTIFICATION AND ACCREDITATION

2.2 ROLES AND RESPONSIBILITIES

2.3 ACCREDITATION BOUNDARIES

2.4 COMMON SECURITY CONTROLS

2.5 ACCREDITATION DECISIONS

2.6 SUPPORTING DOCUMENTATION

2.7 CONTINUOUS MONITORING

CHAPTER 3 THE PROCESS

3.1 INITIATION PHASE

3.2 SECURITY CERTIFICATION PHASE

3.3 SECURITY ACCREDITATION PHASE

3.4 CONTINOUS MONITORING PHASE

APPENDIX A REFERENCES

APPENDIX B GLOSSARY

APPENDIX C ACRONYMS

APPENDIX D SUMMARY OF PHASES AND RESPONSIBILITIES

APPENDIX E SAMPLE TRANSMITTAL AND DECISION LETTERS