Information systems need to be evaluated and they may also need to be certified based on a set of defined parameters. There are many security certification and accreditation standards for security assurance. The following topics describe a few important ones.
Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) is the standardized approach designed to guide DoD agencies through the certification and accreditation process for a single information technology (IT) entity.
There are four phases to the DITSCAP process:
Definition: All the system requirements and capabilities are documented to include mission, function, and interfaces.
Verification: Recommended changes to the system are implemented, and the resulting deliverable is a refined System Security Authorization Agreement (SSAA).
Validation: This phase proceeds with a review of the SSAA.
Post accreditation: Here, system changes are managed, system operations are...