Course Description:
This course examines the information security certification and accreditation principles leading to
final Approval to Operate (ATO) an information system. The course examines roles, responsibilities,
documentation, organizational structure, directives, and reporting requirements to support the Designated
Accrediting Authority (DAA) in approving the security control functionality level of an information system
and granting ATO at a specified level of trust. The course provides an overview of DOD and Federal
department and agency certification and accreditation processes (e.g., Defense Information Assurance
Certification and Accreditation Process; NIST Certification and Accreditation Process), information
assurance acquisition management, and system security architecture considerations.

Recommended Attendance:
This course is appropriate for senior system managers, information system certification and accreditation managers, and program managers who are responsible for participating in the certification and accreditation process for delivery of ATO documentation to the DAA. 

Prerequisites
None; however, students who have no information assurance background should take Information
Assurance and Critical Infrastructure Protection (AII) before taking this course.

Learning Outcomes
Students will be able to document a certification and accreditation plan, present and justify the plan to senior management for approval, and develop a systems security authorization agreement for their organization.