IT Architecture For Dummies
System certification is a formal methodology for comprehensive testing and documentation of information system security safeguards, both technical and nontechnical, in a given environment by using established evaluation criteria (the TCSEC).

Accreditation is an official, written approval for the operation of a specific system in a specific environment, as documented in the certification report. Accreditation is normally granted by a senior executive or Designated Approving Authority (DAA). The term DAA is used in the U.S. military and government. A DAA is normally a senior official, such as a commanding officer.

System certification and accreditation must be updated when any changes are made to the system or environment, and they must also be periodically revalidated, which typically happens every three years.

The certification and accreditation process has been formally implemented in U.S. military and government organizations as the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and National Information Assurance Certification and Accreditation Process (NIACAP), respectively. U.S. government agencies utilizing cloud-based systems and services are required to undergo FedRAMP certification and accreditation processes. These important processes are used to make sure that a new (or changed) system has the proper design and operational characteristics, and that it's suitable for a specific task.

About the book authors:

Kalani Kirk Hausman is an IT consultant, enterprise architect, auditor, and ISO. He conducts research on integrating 3D-printed materials into educational curricula. Susan L. Cook is the assistant director of infrastructure services at Lamar State College in Port Arthur and a former compliance auditor.
