Certification and Accreditation

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP and DCID 6/3.

NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems," transforms the traditional Certification and Accreditation (C&A) process into the six-step Risk Management Framework (RMF).

Definitions

Certification is a comprehensive evaluation of the technical and non-technical security controls (safeguards) of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.[1]

Accreditation is the formal declaration by a senior agency official (Designated Accrediting Authority (DAA) or Principal Accrediting Authority (PAA)) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural security controls (safeguards).

References

  1. National Information Assurance Glossary (CNSS Instruction 4009), published by the Committee on National Security Systems (CNSS) Working Group, 26 April 2010.


Wikimedia Foundation. 2010.
