Certification

CNSSI 4009

Comprehensive evaluation of the technical and nontechnical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.

FIPS 200

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

NIST SP 800-16

A formal process for testing components or systems against a specified set of security requirements. Certification is normally performed by an independent reviewer rather than one involved in building the system. Certification can be part of the review of security controls identified in OMB Circular A-130, Appendix III, which calls for security reviews to assure that management, operational, and technical controls are appropriate and functioning effectively. (See Accreditation.)

NIST SP 800-18r1

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. (NIST SP 800-37)

NIST SP 800-26

Certification is synonymous with the term authorize processing. Certification is a major consideration prior to authorizing processing, but not the only consideration. Certification is the technical evaluation that establishes the extent to which a computer system, application, or network design and implementation meets a pre-specified set of security requirements. See also Accreditation and Authorize Processing.

NIST SP 800-37

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

NIST SP 800-40

The comprehensive evaluation of the technical and non-technical security features of a system, made in support of the accreditation process, that establishes the extent to which a particular design and implementation meet a specified set of security requirements.

NIST SP 800-53AdF

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-37]

NIST SP 800-53r1

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

NIST SP 800-53r2

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. (FIPS 200, NIST SP 800-37)