Which of the following is best defined as an administrative declaration by a designated authority that an
information system is approved to operate in a particular security configuration with a prescribed set of
safeguards?
A.
Certification
B.
Declaration
C.
Audit
D.
Accreditation
Explanation:
Accreditation: is an administrative declaration by a designated authority that an information system is approved
to operate in a particular security configuration with a prescribed set of safeguards. It is usually based on a
technical certification of the system’s security mechanisms. Certification: Technical evaluation (usually made in
support of an accreditation action) of an information system\\’s security features and other safeguards to
establish the extent to which the system\\’s design and implementation meet specified security requirements.
SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.