System Certification and Accreditation

Previous page
Table of content
Next page

System certification is a formal methodology for comprehensive testing and documentation of information system security safeguards, both technical and nontechnical, in a given environment using established evaluation criteria (TCSEC).

Accreditation is an official, written approval for the operation of a specific system in a specific environment as documented in the certification report. Accreditation is normally granted by a senior executive or Designated Approving Authority (DAA). The term DAA is used in the U.S. military and government and is normally a senior official, such as a commanding officer.

System certification and accreditation must be updated when any changes are made to the system or environment and must also be periodically revalidated, which typically happens every three years.

The certification and accreditation process has been formally implemented in U.S. military and government organizations as the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and National Information Assurance Certification and Accreditation Process (NIACAP), respectively.

DITSCAP

The Defense Information Technology Security Certification and Accreditation Process (DITSCAP) formalizes the certification and accreditation process for U.S. DoD information systems through four distinct phases:

  1. Definition: In this phase, security requirements are determined by defining the organization and system’s mission, environment, and architecture.

  2. Verification: This phase ensures that a system undergoing development or modification remains compliant with the System Security Authorization Agreement (SSAA), which is a baseline security configuration document.

  3. Validation: This phase confirms compliance with the SSAA.

  4. Post-accreditation: This phase represents ongoing activities required to maintain compliance and address new and evolving threats throughout a system’s life cycle.

NIACAP

The National Information Assurance Certification and Accreditation Process (NIACAP) formalizes the certification and accreditation process for U.S. government national security information systems. NIACAP consists of four phases (Definition, Verification, Validation, and Post-accreditation) that generally correspond to the DITSCAP phases. Additionally, NIACAP defines three types of accreditation:

  • Site accreditation: In this phase, all applications and systems at a specific location are evaluated.

  • Type accreditation: In this phase, a specific application or system for multiple locations is evaluated.

  • System accreditation: In this phase, a specific application or system at a specific location is evaluated.



Previous page
Table of content
Next page
CISSP For Dummies
CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
Authors: Lawrence C. Miller, Peter H. Gregory CISA CISSP
BUY ON AMAZON
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
C++ How to Program (5th Edition)
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy