
Title: Computer science and technology: overview of computer security certification and accreditation

Technical Report · OSTI ID: 6191358

This overview is primarily intended for use by ADP policy managers and information resource managers to become familiar with the approach to computer security certification and accreditation found in Guideline for Computer Security Certification and Accreditation, FIPS PUB 102. ADP technical managers and staff will also find it a useful overview. This overview summarizes how to establish and carry out a program and a technical process for computer security certification and accreditation of sensitive computer applications. The overview identifies and briefly describes the steps involved in performing computer security certification and accreditation; it identifies and briefly discusses important issues in managing a computer security certification and accreditation program; and it identifies and briefly describes the principal functional roles needed within an organization to carry out such a program. Recertification and reaccreditation and their relation to change control are also touched upon. A discussion of evaluation techniques to be used for certification includes risk analysis, EDP audit, VV and T (verification, validation, and testing), and security safeguard reviews. The relation of these to the system lifecycle is indicated.

Research Organization: National Bureau of Standards, Washington, DC (USA). Inst. for Computer Sciences and Technology; System Development Corp., McLean, VA (USA)
Report Number(s): PB-84-217819; NBS-SP-500-109; ON: TI85900184
Country of Publication: United States
Language: English