Term:Certification

From FISMApedia

CNSSI 4009

Certification - Comprehensive evaluation of the technical and nontechnical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.

DoD 8570.01-M

Certification - Recognition given to individuals who have met predetermined qualifications set by an agency of government, industry, or profession. Certification provides verification of individuals' knowledge and experience through evaluation and approval, based on a set of standards for a specific profession or occupation's functional job levels. Each certification is designed to stand on its own, and represents an individual's mastery of a particular set of knowledge and skills. AP1.3.

DoDD 8570.01

Certification - Recognition given to individuals who have met predetermined qualifications set by an agency of government, industry, or profession. Certification provides verification of individuals' knowledge and experience through evaluation and approval based on a set of standards for specific profession or occupations' functional job levels. Each certification is designed to stand on its own, and represents a certified individual's mastery of a particular set of knowledge and skills. E2.1.3.

DoDD 8581.01

Certification - Comprehensive evaluation of the technical and non-technical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent that a particular design and implementation meets a set of specified security requirements (reference (h)). E2.1.5.

DoDI 8100.03

Certification - Comprehensive evaluation of the technical and non-technical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent that a particular design and implementation meets specified security requirements. E2.1.4.

DoDI 8510.01

Certification - For the purpose of this Instruction, a comprehensive evaluation and validation of a DoD IS to establish the degree to which it complies with assigned IA controls based on standardized procedures. E2.10.

DSS Glossary

Certification - Statement to an accrediting authority of the extent to which an automated information system or network meets its security criteria. This statement is made as part of and in support of the accreditation process.

FIPS 201-1

Certification - The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness.

GAO-09-232G

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

M-09-29

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system.

NIST FIPS 200

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

NIST IR 7298

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. SOURCE: SP 800-53; FIPS 200

NIST IR 7298

Certification - The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness. SOURCE: FIPS 201

NIST IR 7328 Draft

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-37]

NIST SP 800-16

Certification - a formal process for testing components or systems against a specified set of security requirements. Certification is normally performed by an independent reviewer rather than one involved in building the system. Certification can be part of the review of security controls identified in OMB Circular A-130, Appendix III, which calls for security reviews to assure that management, operational, and technical controls are appropriate and functioning effectively. (See Accreditation.)

NIST SP 800-18r1

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [NIST SP 800-37]

NIST SP 800-26

Certification - Certification is synonymous with the term authorize processing. Certification is a major consideration prior to authorizing processing, but not the only consideration. Certification is the technical evaluation that establishes the extent to which a computer system, application, or network design and implementation meets a pre-specified set of security requirements. See also Accreditation and Authorize Processing.

NIST SP 800-37

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

NIST SP 800-39 Draft 2

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-37]

NIST SP 800-40

Certification - The comprehensive evaluation of the technical and non-technical security features of a system, made in support of the accreditation process, that establishes the extent to which a particular design and implementation meet a specified set of security requirements.

NIST SP 800-53A

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-37]

NIST SP 800-53r1

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

NIST SP 800-53r2

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-53r237]

NIST SP 800-60r1V1

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-37]

NIST SP 800-60r1V2

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [FIPS 200, NIST SP 800-37]

NIST SP 800-82 Final Draft

Certification - A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [NIST SP 800-37, Guide for Security Certification and Accreditation of Federal Information Systems, May 2004.]

NSTISSI 1000

Certification - Comprehensive evaluation of the technical and nontechnical security features of an IS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements.