Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview summarizes an approach to developing a program and performing a technical process for certification and accreditation of sensitive computer applications. The steps involved in the process are briefly identified and described, as are program management issues and the principal functional roles needed within an organization to carry out such a program. Recertification and reaccreditation and their relation to change control are also touched upon. A discussion of evaluation techniques to be used for certification includes risk analysis, EDP audit (a subdivision of internal audit), VV&T (verification, validation, and testing), and security safeguard reviews. The relation of these techniques to the system lifecycle is indicated. (Author/LMM)