CISSP® Official Study Guide, Eighth Edition


Certification and Accreditation



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Organizations that require secure systems need one or more methods to evaluate how well a system meets their security requirements. The formal evaluation process is divided into two phases, called certification and accreditation. The actual steps required in each phase depend on the evaluation criteria an organization chooses. A CISSP candidate must understand the need for each phase and the criteria commonly used to evaluate systems. The two evaluation phases are discussed in the next two sections, and then we present various evaluation criteria and considerations you must address when assessing the security of a system. Certification and accreditation processes are used to assess the effectiveness of application security as well as operating system and hardware security.

The process of evaluation provides a way to assess how well a system measures up to a desired level of security. Because each system’s security level depends on many factors, all of them must be taken into account during the evaluation. Even though a system is initially described as secure, the installation process, physical environment, and general configuration details all contribute to its true general security. Two identical systems could be assessed at different levels of security because of configuration or installation differences.

The terms certification, accreditation, and maintenance as used in the following sections are official terms used by the defense establishment, and you should be familiar with them.

Certification and accreditation are additional steps in the software and IT systems development process normally required from defense contractors and others working in a military environment. The official definitions of these terms as used by the U.S. government are from Department of Defense Instruction 5200.40, Enclosure 2.
