ABSTRACT

This chapter focuses on system security certification as an integral part of the system accreditation process. It outlines approaches and methods intended as guidelines and as a framework from which to build an Information System Security Certification Test. Professional organizations provide certifications of individuals. A person may carry the designation of Certified Public Accountant, Certified Information Systems Security Professional, or perhaps Certified Protection Professional. Vendors may provide certifications of individuals on their products. Such a certification states that an individual has met the minimum standards or level of expertise on the products for which they are certified. Vendors also provide certifications for products. Many vendors offer certifications of interoperability or compatibility, stating that the standards for interoperability or compatibility have been met. Standards organizations may also offer certifications. For example, a corporate entity may be certified by the standards organization to perform testing under the Common Criteria for Information Technology Security Evaluation.