P-10 Certification and Accreditation Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

Check all that apply:

Information systems and information security professionals are certified to be technically competent and management has approved them for operations.
It has been determined by the technical community that the integrity of the firewall is preserved; that all laws, regulations, and directives have been met; and that all safeguards are in place and functioning correctly.
The list of deficiencies for which the risk is acceptable and a set of plans for resolving unacceptable risk are in place.
Management has a high degree of confidence that the system could be accredited for use.
It has been verified that the firewall provides accurate logical representations of the physical or logical objects it models.
The degree to which measures are taken to create, preserve, monitor, and recover an accurate representation is proportional to the value of that representation to the enterprise.
After every security breach, the firewall is recertified.
A determination has been made by Information Technology management that the individuals operating the firewall have appropriate expertise, training, and background to perform the assigned information security tasks.
Background investigations have been done for firewall managers.
Required training has been fulfilled for all firewall users.
Management has verified that firewall protection is adequate to their needs before the firewalls are activated.

With maximum value of