Certification is the process of verifying and validating an approach to security management against the security requirements set by organizations. It confirms adherence to those requirements through documented evidence. Accreditation is the act of granting certification.
Let us review some of the certification and accreditation processes related to computer system security.
The Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) is a standardized approach designed to guide defense agencies in the USA through the certification and accreditation process for a single IT entity.
The DITSCAP process has four phases, listed as follows: ...