Definitions
General
“[t]he process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness.”
“[t]he process of establishing the qualifications of licensed professionals (e.g. physicians and teachers), organizational members, or organizations, and assessing their background and legitimacy.”
“(1) A written guarantee that a system or component complies with its specified requirements and is acceptable for operational use. For example, a written authorization that a computer system is secure and is permitted to operate in a defined environment. (2) A formal demonstration that a system or component complies with its specified requirements and is acceptable for operational use. (3) The process of confirming that a system or component complies with its specified requirements and is acceptable for operational use.”
Security
“[a] comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.”
“[a] [c]omprehensive evaluation of the technical and non-technical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent that a particular design and implementation meets a set of specified security requirements.”
Certification primarily addresses software and hardware security safeguards; considers procedural, physical, and personnel security measures; and establishes the extent to which a particular design and implementation meets a specified set of security requirements.
Software
“[t]he acceptance of software by an authorized agent, usually after the software has been validated by the agent or its validity has been demonstrated to the agent.”
U.S. copyright law
References
- FIPS 201.
- Information Technology: An Audit Guide For Assessing Acquisition Risks, Glossary, at 89.
- FIPS 200; NIST Special Publication 800-37.
- DoD Instruction 5200.40, at 8-9 (E2.1.8).
- Auditing and Financial Management: Glossary of EDP Terminology, at 3.
- Compendium of U.S. Copyright Office Practices, Third Edition, Glossary, at 2-3.