Page 531 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
either the current standards or the previous ones. Both of these processes are divided into four phases:

Phase 1: Definition. Involves the assignment of appropriate project personnel; documentation of the mission need; and registration, negotiation, and creation of a System Security Authorization Agreement (SSAA) that guides the entire certification and accreditation process.

Phase 2: Verification. Includes refinement of the SSAA, systems development activities, and a certification analysis.

Phase 3: Validation. Includes further refinement of the SSAA, certification evaluation of the integrated system, development of a recommendation to the DAA, and the DAA's accreditation decision.

Phase 4: Post Accreditation. Includes maintenance of the SSAA, system operation, change management, and compliance validation.
The NIACAP process, administered by the Information Systems Security Organization of the National Security Agency, outlines three types of accreditation that may be granted. The definitions of these types of accreditation (from National Security Telecommunications and Information Systems Security Instruction 1000) are as follows:

For a system accreditation, a major application or general support system is evaluated.

For a site accreditation, the applications and systems at a specific, self-contained location are evaluated.

For a type accreditation, an application or system that is distributed to a number of different locations is evaluated.