FISMA Certification and Accreditation Handbook

He who has begun, is half done.
Horace
Before you'll be able to start putting together a Certification Package, you'll need to acquire as much information as possible about the systems or applications you'll be certifying. You need to be a good detective, and not lose faith when the details appear unclear. The more information you gather, the clearer the details will become. You are about to put together an information technology jigsaw puzzle.
When you begin your C&A project, don't expect everyone who has played a role in developing and administering the application or systems you are certifying to start volunteering information for you to use. You will need to take the initiative to go out and collect as much documentation as you can, and conduct interviews with the appropriate staff. If you are a consultant, you will first need to figure out which staff you need to talk to. You are going to have to ask a lot of questions. The sponsoring manager who signed you up to complete the C&A is the best person to start with. The sponsoring manager may be the system owner, the ISSO, the contracting officer, or an application development manager.
You first need to figure out who will have knowledge of all the security particularities of the information system. You should start by identifying the people involved. The sponsoring manager should be able to answer a lot of...