2 cissp ® Official Study Guide Eighth Edition

Select Controls Based On Systems Security Requirements 
307
and other safeguards made in support of the accreditation process to establish the 
extent to which a particular design and implementation meets a set of specifi ed security 
requirements. 
System certifi cation is the technical evaluation of each part of a computer system to 
assess its concordance with security standards. First, you must choose evaluation criteria 
(we will present criteria alternatives in later sections). Once you select criteria to use, you 
analyze each system component to determine whether it satisfi es the desired security goals. 
The certifi cation analysis includes testing the system’s hardware, software, and confi gura-
tion. All controls are evaluated during this phase, including administrative, technical, and 
physical controls. 
After you assess the entire system, you can evaluate the results to determine the security 
level the system supports in its current environment. The environment of a system is a criti-
cal part of the certifi cation analysis, so a system can be more or less secure depending on its 
surroundings. The manner in which you connect a secure system to a network can change 
its security standing. Likewise, the physical security surrounding a system can affect the 
overall security rating. You must consider all factors when certifying a system. 
You complete the certifi cation phase when you have evaluated all factors and determined 
the level of security for the system. Remember that the certifi cation is valid only for a sys-
tem in a specifi c environment and confi guration. Any changes could invalidate the certifi ca-
tion. Once you have certifi ed a security rating for a specifi c confi guration, you are ready to 
seek acceptance of the system. Management accepts the certifi ed security confi guration of a 
system through the accreditation process.

Download 19,3 Mb.

Do'stlaringiz bilan baham: