An officially sanctioned guide, this volume demonstrates the effectiveness of certification and accreditation (C&A) as a risk management methodology for IT systems in public and private organizations. It gives security professionals an overview of the components of C&A, showing them how to document the status of IT security controls and how to secure systems through standard, repeatable processes. The book begins with a description of what it takes to build a C&A program, followed by an analysis of the various C&A processes. It then presents a case study of a successful C&A implementation in a major U.S. government department. The appendices collect sample documents.