Information systems need to be evaluated, and they may also need to be certified against a set of defined parameters. There are many security certification and accreditation standards for security assurance. The following topics describe a few important ones.
The Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) is the standardized approach designed to guide DoD agencies through the certification and accreditation process for a single information technology (IT) entity.
There are four phases to the DITSCAP process: