Certification and Accreditation

CISSP

  1. Certification
    • Definition: The technical and nontechnical evaluation of the security features and safeguards of an IT system to determine whether they meet a specified set of security requirements.
    • Process:
      • Involves a comprehensive evaluation of both technical controls (for example, access control, auditing, cryptography) and nontechnical controls (for example, physical, personnel and procedural safeguards), as implemented in the system's intended operational environment.
      • Verifies that the design and implementation of the system satisfy the stated security requirements and documents any residual weaknesses.
    • Purpose: Provides the evidence on which the accreditation decision is based; certification itself does not authorize the system to operate.
  2. Accreditation
    • Definition: A formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate within a particular security mode and at an acceptable level of risk.
    • Process:
      • Follows certification and uses its results as the primary input.
      • Involves management (the DAA) formally accepting responsibility for the residual risk of operating the evaluated system; the approval is typically time-limited and must be renewed after significant changes or at a fixed interval.
    • Types:
      • System Accreditation: Evaluates a single major application or general support system.
      • Site Accreditation: Evaluates all of the applications and systems operating at a specific, self-contained location.
      • Type Accreditation: Evaluates a common application or system configuration once so that it can be deployed at multiple locations without a separate accreditation at each site.

These processes ensure that an IT system is evaluated against its security requirements, and that a named authority accepts the remaining risk, before the system is approved for operation. Understanding Certification and Accreditation is important for managing risk in environments that require formal security assurance. Note that current NIST guidance (the Risk Management Framework in NIST SP 800-37) describes the same activities as security control assessment and security authorization, with the accreditation decision issued as an authorization to operate (ATO); the CISSP exam may use either set of terms.