Computer systems in the federal government must demonstrate that they are secure. The process is known as accreditation and the goal is to receive an Authority to Operate (ATO). The ATO allows the system to be put into production for use by the federal workforce. While the process is specific to federal systems, state and local governments usually have similar requirements and most commercial companies have similar security reviews before releasing new systems.
The process is founded on the Risk Management Framework described in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37. The Risk Management Framework has a seven-step process for authorizing a system:
This article has been indexed from DZone Security Zone