ERIC Number: ED247897
Record Type: RIE
Publication Date: 1984-Apr
Reference Count: 0
Overview of Computer Security Certification and Accreditation. Final Report.
Ruthberg, Zella G.; Neugent, William
Primarily intended to familiarize ADP (automatic data processing) policy and information resource managers with the approach to computer security certification and accreditation found in "Guideline to Computer Security Certification and Accreditation," Federal Information Processing Standards Publications (FIPS-PUB) 102, this overview summarizes an approach to developing a program and performing a technical process for certification and accreditation of sensitive computer applications. The steps involved in the process are briefly identified and described, as are program management issues and the principal functional roles needed within an organization to carry out such a program. Recertification and reaccreditation and their relation to change control are also touched upon. A discussion of evaluation techniques to be used for certification includes risk analysis, EDP audit (a subdivision of internal audit), VV&T (verification, validation, and testing), and security safeguard reviews. The relation of these techniques to the system lifecycle is indicated. (Author/LMM)
Descriptors: Administrative Organization, Certification, Computers, Guidelines, Management Information Systems, Program Development, Program Evaluation, Program Implementation, Standards, Systems Development
Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402.
Publication Type: Guides - General; Reports - Descriptive
Education Level: N/A
Authoring Institution: National Bureau of Standards (DOC), Washington, DC. Inst. for Computer Sciences and Technology.
Identifiers: Computer Security