Certification

Definitions[]

General[]

Certification is:

“

[t]he process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness.^[1]

”

“

[t]he process of establishing the qualifications of licensed professionals (e.g. physicians and teachers), organizational members, or organizations, and assessing their background and legitimacy.

”

“

(1) A written guarantee that a system or component complies with its specified requirements and is acceptable for operational use. For example, a written authorization that a computer system is secure and is permitted to operate in a defined environment. (2) A formal demonstration that a system or component complies with its specified requirements and is acceptable for operational use. (3) The process of confirming that a system or component complies with its specified requirements and is acceptable for operational use.^[2]

”

Security[]

Certification is:

“

[a] comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.^[3]

”

“

[a] [c]omprehensive evaluation of the technical and non-technical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent that a particular design and implementation meets a set of specified security requirements.^[4]

”

Certification primarily addresses software and hardware security safeguards; considers procedural, physical, and personnel security measures; and establishes the extent to which a particular design and implementation meets a specified set of security requirements.

Software[]

Certification is

“

[t]he acceptance of software by an authorized agent, usually after the software has been validated by the agent or its validity has been demonstrated to the agent.^[5]

”

U.S. copyright law[]

Certification is

“

1) The act of signing an application to register a work with the U.S. Copyright Office. The individual who signs the application certifies that the information provided therein is correct to the best of his or her knowledge.

2) The preparation of a statement under the seal of the U.S. Copyright Office attesting to the authenticity of a record or report based on a search of the Office's records; a type of copyright service available for a fee.^[6]

”

References[]

↑ FIPS 201.
↑ Information Technology: An Audit Guide For Assessing Acquisition Risks, Glossary, at 89.
↑ FIPS 200; NIST Special Publication 800-37.
↑ DoD Instruction 5200.40, at 8-9 (E2.1.8).
↑ Auditing and Financial Management: Glossary of EDP Terminology, at 3.
↑ Compendium of U.S. Copyright Office Practices, Third Edition, Glossary, at 2-3.

[1] FIPS 201.

[2] Information Technology: An Audit Guide For Assessing Acquisition Risks, Glossary, at 89.

[3] FIPS 200; NIST Special Publication 800-37.

[4] DoD Instruction 5200.40, at 8-9 (E2.1.8).

[5] Auditing and Financial Management: Glossary of EDP Terminology, at 3.

[6] Compendium of U.S. Copyright Office Practices, Third Edition, Glossary, at 2-3.

[1]

[2]

[3]

[4]

[5]

[6]