Certification Levels for NIACAP

BFED.

NIACAP (National Information Assurance Certification and Accreditation Process) is a US Department of Defense standard used to assess and certify information systems for their security posture. It is a formal process for evaluating and accrediting information systems that handle sensitive and classified information.

NIACAP provides a set of guidelines for evaluating and certifying an information system's security posture, which includes five certification levels that can be recommended by the certifier:

A. Basic System Review: This level of certification involves a minimal review of the system's security controls to ensure that they meet the basic security requirements. This level is recommended for systems that do not process or store sensitive information and have minimal impact on the mission.

B. Basic Security Review: This level of certification involves a more comprehensive review of the system's security controls to ensure that they meet the basic security requirements. This level is recommended for systems that process or store sensitive information but have a limited impact on the mission.

C. Maximum Analysis: This level of certification involves a comprehensive review of the system's security controls to ensure that they meet the maximum security requirements. This level is recommended for systems that process or store highly sensitive information and have a significant impact on the mission.

D. Comprehensive Analysis: This level of certification involves a thorough review of the system's security controls to ensure that they meet the highest security requirements. This level is recommended for systems that process or store extremely sensitive information and have a critical impact on the mission.

E. Detailed Analysis: This level of certification involves an extensive review of the system's security controls to ensure that they meet the most stringent security requirements. This level is recommended for systems that process or store top-secret information and have a vital impact on the mission.

F. Minimum Analysis: This level of certification involves a basic review of the system's security controls to ensure that they meet the minimum security requirements. This level is recommended for systems that have a low impact on the mission and do not process or store sensitive information.

In summary, the recommended certification level for a system depends on the sensitivity of the information it processes or stores, and the potential impact of a security breach on the mission. The higher the sensitivity and impact, the more comprehensive the certification level should be.