Systems Security Certified Practitioner – SSCP – Question0407

Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

A. Certification
B. Declaration
C. Audit
D. Accreditation

Correct Answer: D

Explanation:

Accreditation: An administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. It is usually based on a technical certification of the system’s security mechanisms.

Certification: Technical evaluation (usually made in support of an accreditation action) of an information system’s security features and other safeguards to establish the extent to which the system’s design and implementation meet specified security requirements.

Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.