Certification test and evaluation (CT&E)

Software and hardware security tests conducted during development of an information system (IS).


Similar items:
Product of the certification effort documenting the detailed results of the certification activities. The certification package includes the security plan, developmental or operational certification test reports, risk assessment report, and certifier's statement.
An evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information. One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system’s security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process.
Security tests verify that a control is functioning properly. These tests include automated scans, tool-assisted penetration tests, and manual attempts to undermine security. Security testing should take place on a regular schedule, with attention paid to each of the key security controls protecting an organization.
Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system. The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself. The use of procedures appropriate for controlling changes to a system’s hardware, software, or firmware structure to ensure that such changes will not lead to a weakness or fault in the system.
1. Training
- Secure Coding Practices
- Writing Security Tests
- Provider/Platform Technical Training

2. Define
- Code Standards
- Security Functional Requirements

3. Design
- Threat Modeling
- Secure Design

4. Develop
- Code Review
- Unit Testing
- Static Analysis
- Dynamic Analysis

5. Test
- Vulnerability Assessment
- Dynamic Analysis
- Functional Tests
- QA