CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Accreditation 
In the certification phase, you test and document the security capabilities of a system in
a specific configuration. With this information in hand, the management of an organization
compares the capabilities of a system to the needs of the organization. It is imperative
that the security policy clearly states the requirements of a security system. Management
reviews the certification information and decides whether the system satisfies the security
needs of the organization. If management decides the certification of the system satisfies
their needs, the system is accredited. Accreditation is the formal declaration by the
designated approving authority (DAA) that an IT system is approved to operate in a particular
security mode using a prescribed set of safeguards at an acceptable level of risk. Once
accreditation is performed, management can formally accept the adequacy of the overall
security performance of an evaluated system.

Certification and accreditation do seem similar, and thus it is often a 
challenge to understand them. One perspective you might consider 
is that certification is often an internal verification of security and 
the results of that verification are trusted only by your organization. 
Accreditation is often performed by a third-party testing service, and 
the results are trusted by everyone in the world who trusts the specific 
testing group involved.


308 Chapter 8: Principles of Security Models, Design, and Capabilities

The process of certification and accreditation is often iterative. In the accreditation 
phase, it is not uncommon to request changes to the configuration or additional controls 
to address security concerns. Remember that whenever you change the configuration, you 
must recertify the new configuration. Likewise, you need to recertify the system when a 
specific time period elapses or when you make any configuration changes. Your security 
policy should specify what conditions require recertification. A sound policy would list the 
amount of time a certification is valid along with any changes that would require you to 
restart the certification and accreditation process.
