Withdrawn on February 08, 2005.
Guideline for Computer Security Certification and Accreditation
Date Published: September 27, 1983
Planning Note (02/08/2005):
The withdrawal of this FIPS was announced in the Federal Register.
Author(s)
National Bureau of Standards
This Guideline is intended for use by ADP managers and technical staff in establishing and carrying out a program and a technical process for computer security certification and accreditation of sensitive computer applications. It identifies and describes the steps involved in performing computer security certification and accreditation; it identifies and discusses important issues in managing a computer security certification and accreditation program; it identifies and describes the principal functional roles needed within an organization to carry out such a program; and it contains sample outlines of an Application Certification Plan and a Security Evaluation Report as well as a sample Accreditation Statement and sensitivity classification scheme. A discussion of recertification and reaccreditation and its relation to change control is also included. The Guideline also relates certification and accreditation to risk analysis, EDP audit, validation, verification and testing (VV&T), and the system life cycle. A comprehensive list of references is included.
Keywords
accreditation; certification; certification/accreditation management; certification/accreditation process; certification/accreditation program; computer security evaluation; EDP audit; Federal Information Processing Standards Publication; recertification/reaccreditation; risk analysis; sensitive computer application; sensitivity classification; validation, verification and testing (VV&T)
Control Families
None selected