Options

Certification and Accreditation related work?

alexander77alexander77 Member Posts: 54 ■■□□□□□□□□
in IT Jobs / Degrees
We had some people come through our data center and doing a C&A of our system, I don't quite understand the process as I'm new to the infosec area but it sounds like job dealing with mostly paper work. For you guys doing the C&A process as your job, is it interesting? What is the process for doing a whole C&A?
· Share on FacebookShare on Twitter

Comments

  • Options
    da_vatoda_vato Member Posts: 445
    It is a whole lot of paperwork... one of my enclaves that I own has a mission category III which is the least amount of controls to address and that is roughly 150 controls.

    It depends on your C&A structure but it is really auditing to ensure controls are addressed and a suitable action is taken or a suitable plan of action and mitigation (work around) is implemented. Personally I hate doing it because it so boring and time consuming... of course I almost always get an award for doing it.... go figure.
    · Share on FacebookShare on Twitter
  • Options
    GorbyGorby Member Posts: 141
    There's a ton of paperwork in the C&A process, the security team that you saw where probably doing site interviews to ensure the controls are addressed in their documentation as well as on their network.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.