CA-4 — Security Certification

This control has been withdrawn and incorporated into CA-2 (Control Assessments). Security certification activities are now handled as part of the broader assessment process.

Example 1: Instead of a separate certification step, include certification-level rigor in your CA-2 assessment plan by using NIST SP 800-53A assessment procedures.

Example 2: Use your organization's eMASS or GRC platform to track the assessment and authorization workflow in one unified process rather than treating certification separately.