Document in which the truth of a fact is assured.
DRAE. Diccionario de la Lengua Española.
Issuance of a certificate attesting Conformity with a Standard. Certification
includes a formal Audit carried out by an independent and Accredited body. The
term Certification is also used to denote the awarding of a certificate
attesting that a person has achieved a given qualification. [ITIL:2007]
Positive determination that a product or system is capable of protecting
information at a given security level and in accordance with the criteria
established in the corresponding evaluation procedure or methodology.
Confirmation of the result of an evaluation, and that the evaluation criteria
used were correctly applied. [Magerit:2012]
Issuance of a formal report confirming the result of an evaluation, and that
the evaluation criterion used has been correctly applied (ITSEC).
This certification is, or in the case of some countries will be, issued by each
country's Certification Body, and it is intended to be valid in all countries
of the European Union.
[Ribagorda:1997]
1. (notarization) Security mechanism by which a Certification Authority assures
the integrity, origin, time or destination of a communication.
2. Confirmation of the result of an evaluation, and that the evaluation
criteria used were correctly applied.
[CESID:1997]
Comprehensive evaluation of the technical and non-technical security safeguards
of an information system to support the accreditation process that establishes
the extent to which a particular design and implementation meets a set of
specified security requirements. See security control assessment.
[CNSSI_4009:2010]
1. (I) /information system/ Comprehensive evaluation (usually made in support
of an accreditation action) of an information system's technical security
features and other safeguards to establish the extent to which the system's
design and implementation meet a set of specified security requirements.
[C4009, FP102, SP37] (See: accreditation. Compare: evaluation.)
2. (I) /digital certificate/ The act or process of vouching for the truth and
accuracy of the binding between data items in a certificate. (See: certify.)
3. (I) /PKI/ The act or process of vouching for the ownership of a public key
by issuing a public-key certificate that binds the key to the name of the
entity that possesses the matching private key. Besides binding a key with a
name, a public-key certificate may bind those items with other restrictive or
explanatory data items. (See: X.509 public-key certificate.)
[RFC4949:2007]
in the context of this document, the process, producing written results, of
performing a comprehensive evaluation of security features and other safeguards
of a system to establish the extent to which the design and implementation meet
a set of specified security requirements.
NOTE. This definition is generally accepted within the security community;
within ISO the more generally used definition is: Procedure by which a third
party gives written assurance that a product, process or service conforms to
specified requirements [ISO/IEC Guide 2].
[ISO-21827:2007]
Issuing a certificate to confirm Compliance to a Standard. Certification
includes a formal Audit by an independent and Accredited body. The term
Certification is also used to mean awarding a certificate to verify that a
person has achieved a qualification. [ITIL:2007]
A comprehensive assessment of the management, operational, and technical
security controls in an information system, made in support of security
accreditation, to determine the extent to which the controls are implemented
correctly, operating as intended, and producing the desired outcome with
respect to meeting the security requirements for the system.
[NIST-SP800-53:2013] [FIPS-200:2006] [NIST-SP800-37:2004]
Security certification is a comprehensive assessment of the management,
operational, and technical security controls in an information system, made in
support of security accreditation, to determine the extent to which the
controls are implemented correctly, operating as intended, and producing the
desired outcome with respect to meeting the security requirements for the
system. The results of a security certification are used to reassess the risks
and update the system security plan, thus providing the factual basis for an
authorizing official to render a security accreditation decision.
[NIST-SP800-100:2006]
the issue of a formal statement confirming the results of an evaluation, and
that the evaluation criteria used were correctly applied. [ITSEC:1991]
The technical evaluation of a system's security features, made as part of and
in support of the approval/accreditation process, that establishes the extent
to which a particular computer system's design and implementation meet a set of
specified security requirements. [TCSEC:1985]
Issuing a certificate to validate conformity to a standard. Certification
involves a formal audit carried out by an independent and accredited body. The
term Certification also means awarding a certificate to validate a person's
qualification. [ITIL:2007]