Accreditation
The IS Security Office provides technical support to the
Commanding Officer, Naval Research Laboratory for the
accreditation of ISs in
accordance
with the Department of NAVY (DON) IS Security Program
(SECNAVINST
5239.2). The accreditation of a system by the IS security
office
for use in classified or unclassified but sensitive processing
certifies that the system examined is configured in compliance
with
relevant NRL guidelines.
Using the risk management approach to evaluate an IS's security
posture, the NRL IS Security Office considers Risk Analysis
(RA),
Contingency Planning (CP) and Security Test & Evaluation (ST&E)
for
each IS. Risk Management is an ongoing process that will
periodically reaffirm the validity of the previous accreditation
throughout the life of the IS. The IS Security Officer
supports
the NRL's risk management program by performing the following
tasks:
-
- - development and maintenance of the NRL accreditation
schedule.
- - Perform a risk assessment and analysis by analyzing threats
to the ADP and vulnerabilities to the IS in relationship to the
sensitivity of the data processed by the IS.
- - Ensure a contingency plan is in place for the continuity of
operations in an emergency situation and that the developed plans
are exercised.
- -Ensure that required countermeasures are implemented.
- -Ensure that security tests, TEMPEST tests, and other
inspections are conducted as required.
- - Perform technical review for security-related waiver
requests.