Accession Number : ADA406276


Title : Guideline for Computer Security Certification and Accreditation


Descriptive Note : Technical publication


Corporate Author : NATIONAL BUREAU OF STANDARDS GAITHERSBURG MD


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a406276.pdf


Report Date : 27 Sep 1983


Pagination or Media Count : 93


Abstract : This Guideline is intended for use by ADP managers and technical staff in establishing and carrying out a program and a technical process for computer security certification and accreditation of sensitive computer applications. It identifies and describes the steps involved in performing computer security certification and accreditation; it identifies and discusses important issues in managing a computer security certification and accreditation program; and it contains sample outlines of an Application Certification Plan and a Security Evaluation Report as well as a sample Accreditation Statement and sensitivity classification scheme. A discussion of recertification and reaccreditation and its relation to change control is also included. The Guideline also relates certification and accreditation to risk analysis, EDP audit, validation, verification and testing (VV&T), and the system life cycle. A comprehensive list of references is included.


Descriptors :   *DATA PROCESSING SECURITY , *STANDARDS , CLASSIFICATION , COMPUTER APPLICATIONS , COMPUTER PROGRAM VERIFICATION , INFORMATION SECURITY , RISK ANALYSIS , VALIDATION


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE