The IT Law Wiki

Certification and accreditation


Definition

Certification and accreditation (C&A) is

[a] comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.[1]

References

  1. NIST Special Publication 800-37.
