| (I) An administrative declaration by a designated authority that
an information system is approved to operate in a particular
security configuration with a prescribed set of safeguards.
[FP102] (See: certification.)
(C) An accreditation is usually based on a technical certification
of the system's security mechanisms. The terms "certification" and
"accreditation" are used more in the U.S. Department of Defense
and other government agencies than in commercial organizations.
However, the concepts apply wherever managers are required
to deal with and accept responsibility for security risks. The
American Bar Association is developing accreditation criteria for
CAs.
|