Document that attests to the truth of a fact. DRAE. Diccionario de la Lengua Española.
Issuing a certificate that attests Conformity with a Standard. Certification includes a formal Audit carried out by an independent and Accredited body. The term Certification is also used to denote the award of a certificate attesting that a person has achieved a given qualification. [ITIL:2007]
Positive determination that a product or system is capable of protecting information at a given security level and in accordance with the criteria established in the corresponding evaluation procedure or methodology.
Confirmation of the result of an evaluation, and that the evaluation criteria used were correctly applied. [Magerit:2012]
Issuance of a formal report confirming the result of an evaluation, as well as that the evaluation criteria used have been correctly applied (ITSEC). This certification is, or will be in the case of some countries, issued by each country's Certification Body, and is intended to be valid throughout the European Union. [Ribagorda:1997]
1. (notarization) Security mechanism by which a Certification Authority assures the integrity, origin, time or destination of a communication.
2. Confirmation of the result of an evaluation, and that the evaluation criteria used were correctly applied. [CESID:1997]
Comprehensive evaluation of the technical and non-technical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. See security control assessment. [CNSSI_4009:2010]
1. (I) /information system/ Comprehensive evaluation (usually made in support of an accreditation action) of an information system's technical security features and other safeguards to establish the extent to which the system's design and implementation meet a set of specified security requirements. [C4009, FP102, SP37] (See: accreditation. Compare: evaluation.)
2. (I) /digital certificate/ The act or process of vouching for the truth and accuracy of the binding between data items in a certificate. (See: certify.)
3. (I) /PKI/ The act or process of vouching for the ownership of a public key by issuing a public-key certificate that binds the key to the name of the entity that possesses the matching private key. Besides binding a key with a name, a public-key certificate may bind those items with other restrictive or explanatory data items. (See: X.509 public-key certificate.) [RFC4949:2007]
In the context of this document, the process, producing written results, of performing a comprehensive evaluation of the security features and other safeguards of a system to establish the extent to which the design and implementation meet a set of specified security requirements.
NOTE. This definition is generally accepted within the security community; within ISO the more generally used definition is: Procedure by which a third party gives written assurance that a product, process or service conforms to specified requirements [ISO/IEC Guide 2]. [ISO-21827:2007]
Issuing a certificate to confirm Compliance to a Standard. Certification includes a formal Audit by an independent and Accredited body. The term Certification is also used to mean awarding a certificate to verify that a person has achieved a qualification. [ITIL:2007]
A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. [NIST-SP800-53:2013] [FIPS-200:2006] [NIST-SP800-37:2004]
Security certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. The results of a security certification are used to reassess the risks and update the system security plan, thus providing the factual basis for an authorizing official to render a security accreditation decision. [NIST-SP800-100:2006]
The issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. [ITSEC:1991]
The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements. [TCSEC:1985]
Issuing a certificate to validate conformity with a standard. Certification involves a formal audit carried out by an independent and accredited body. The term Certification also means awarding a certificate to validate a person's qualification. [ITIL:2007]