Guideline for Computer Security Certification and Accreditation

Get BibTex-formatted data

Author

US Department of Commerce

Entry type

techreport

Abstract

This Guideline is intended for use by ADP managers and technical staff in establishing and carrying out a program and a technical process for computer security certification and accreditation of sensitive computer applications. It identifies and describes the steps involved in performing computer security certification and accreditation; it identifies and discusses important issues in managing a computer security certification and accreditation; it identifies and discusesses the principal functional roles needed within an organization to carry out such a program; and it contains sample outlines of an Application Certification Plan and a Security Evaluation Report as well as a sample Accreditation Statement and sensitivity classification scheme. A discussion of recertification and reaccreditation and its relation to change control is also included. The Guideline also relates certification and accreditation to risk analysis, EDP audit, validation, verification and testing (VV&T), and the system life cycle. A comprehensive list of references is included.

Date

1983 – September – 27

Institution

US Department of Commerce / National Bureau of Standards

Key alpha

commerce

Number

FIPS PUB 102

Publication Date

0000-00-00

Coden

FIPPAT

Keywords

accreditation, certification, certification/accreditation management, certification/accreditation process, certification/accreditation program, computer security evaluation, EDP audit, Federal Information Processing Standards Publication, recertification/reaccreditation, risk analysis, sensitive computer application, sensitive classification, validation, verification and testing (VV&T)

Location

A hard-copy of this is in Haas

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ commerce,
	title = "Guideline for Computer Security Certification and Accreditation",
	author = "US Department of Commerce",
	year = "1983",
	month = "September",
	institution = "US Department of Commerce / National Bureau of Standards",
	number = "FIPS PUB 102",
	day = "27",
	abstract = "This Guideline is intended for use by ADP managers and technical staff in establishing and carrying out a program and a technical process for computer security certification and accreditation of sensitive computer applications.  It identifies and describes the steps involved in performing computer security certification and accreditation; it identifies and discusses important issues in managing a computer security certification and accreditation; it identifies and discusesses the principal functional roles needed within an organization to carry out such a program; and it contains sample outlines of an Application Certification Plan and a Security Evaluation Report as well as a sample Accreditation Statement and sensitivity classification scheme.  A discussion of recertification and reaccreditation and its relation to change control is also included.  The Guideline also relates certification and accreditation to risk analysis, EDP audit, validation, verification and testing (VV&T), and the system life cycle.  A comprehensive list of references is included.",
	coden = "FIPPAT",
	keywords = "accreditation, certification, certification/accreditation management, certification/accreditation process, certification/accreditation program, computer security evaluation, EDP audit, Federal Information Processing Standards Publication, recertification/reaccreditation, risk analysis, sensitive computer application, sensitive classification, validation, verification and testing (VV&T)",
}