Handbook AS-805-A-Information Resource Certification and Accreditation (C&A) Process - Contents
June 2015
Transmittal Letter
1 Introduction
1-1 About This Handbook
1-2 Purpose of Certification and Accreditation
1-3 Importance of Certification and Accreditation
1-4 Supporting Documentation
2 Roles and Responsibilities
2-1 Chief Inspector
2-2 Executive Vice President and Chief Information Officer
2-3 Vice President, Information Technology
2-4 Manager, Computer Operations
2-5 Manager, Corporate Information Security Office
2-6 Vice Presidents of Functional Business Areas
2-7 Executive Sponsors
2-8 Business Relationship Management Portfolio Managers
2-9 Project Managers
2-10 Chief Privacy Officer
2-11 Certifier
2-12 Accreditor
2-13 Information Systems Security Officers
2-14 Information Systems Security Representatives
2-15 Contracting Officers and Contracting Officer Representatives
2-16 Business Partners
2-17 Disaster Recovery Services
2-18 Functional System Coordinators
2-19 Functional System Gatekeepers
3 Information Designation and Control
3-1 Elements of the Certification and Accreditation Process
3-2 What the Certification and Accreditation Process Applies To
3-3 Frequency of Certification and Accreditation
3-4 Funding
3-5 Certification and Accreditation Core Team
4 Certification and Accreditation Process
4-1 Phase 1 — Initiate and Plan
4-2 Phase 2 — Requirements
4-3 Phase 3 — Design
4-4 Phase 4 — Build
4-5 Phase 5 – System Integration Testing
4-6 Phase 6 – Customer Acceptance Testing
4-7 Phase 7 — Governance Compliance
4-8 Phase 8 — Release and Production
4-9 Phase 9 — Retire
5 Independent Reviews
5-1 Independent Security Code Reviews
5-2 Independent Information Security Risk Assessments
5-3 Independent Vulnerability Scans
5-4 Independent Penetration Testing
5-5 Independent Security Test Validation
6 Re-Initiating the Certification and Accreditation
6-1 Purpose
6-2 Criteria Forcing Security Recertification
6-3 Process
7 Assessment of Offsite Hosted Solutions
7-1 Purpose
7-2 Process