expand for answer

Certification authority (CA)

(C&A) Official responsible for performing the comprehensive evaluation of the security features of an information system and determining the degree to which it meets its security requirements. (PKI) Trusted entity authorized to create, sign, and issue public key certificates. By digitally signing each certificate issued, the user’s identity is certified, and the association of the certified identity with a public key is validated.


Similar items:
A set of information that at least: identifies the certification authority issuing the certificate; unambiguously names or identifies its owner; contains the owner’s public key and is digitally signed by the certification authority issuing it. Digitally signed document that binds a public key with an identity. The certificate contains, at a minimum, the identity of the issuing Certification Authority, the user identification information, and the user’s public key. Endorsed copy of an individual’s public key that verifies their identity.
[view]
A trusted third party that associates a public key with proof of identity by producing a digitally signed certificate. A CA provides to users a digital certificate that links the public key with some assertion about the user, such as identity, credit payment card number etc. Certification authorities may offer other services such as timestamping, key management services, and certificate revocation services. It can also be defined as an independent trusted source that attests to some factual element of information for the purposes of certifying information in the electronic environment. An agency that authenticates and distributes digital certificates.
[view]
<p><b>1.&nbsp;Initiation and planning</b><br> At this stage, the administration initiates and plans the implementation of the program. A C&amp;A implementation expert lays out the documentation (including the business case and requirement documents) and presents it to the administration in the form of a comprehensive C&amp;A package.<br> &nbsp;</p> <p><b>2. Certification</b><br> At this stage, an external auditing team analyzes the C&amp;A package and the information security systems of the organization. The audits will include running vulnerability scans, conducting interviews, and checking if everything complies with the accepted standards and norms.<br> &nbsp;</p> <p><b>3. Accreditation</b><br> In the accreditation stage, the certifying authority will review the compiled C&amp;A package and will also go through the recommendations put forward by the auditing team. Before granting the accreditation, the authority will make its examination and see if there is a possibility of accepting non-remedied risks in the system.<br> &nbsp;</p> <p><b>4. Periodic monitoring</b><br> The system, the personnel, and the whole organization in general will be monitored periodically by a team whose sole responsibility is to ensure that the program stays operational as it should. Any risks, vulnerabilities, or threats that might arise during the monitoring stage will also have to be dealt with by the security enforcers of the organization.<br> &nbsp;</p>
[view]
Comprehensive evaluation of the technical and nontechnical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. The acceptance of software by an authorized agent, usually after the software has been validated by the agent or its validity has been demonstrated to the agent. The comprehensive evaluation, made in support of the accreditation process, of the technical and nontechnical security features of an IT system and other safeguards to establish the extent to which a particular design and implementation meet a set of specified security requirements.
[view]
(1) The party, or his designee, responsible for the security of designated information. The user works closely with an ISSE. Also referred to as the customer. (2) Person or process accessing an AIS either by direct connections (i. e. , via terminals), or indirect connections (i. e. , prepare input data or receive output that is not reviewed for content or classification by a responsible individual). Any person who has access to the secured system. A user’s access is tied to their work tasks and is limited so they have only enough access to perform the tasks necessary for their job position (in other words, principle of least privilege). Also referred to as an end user and employee. Individual or process authorized to access an information system. (PKI) Individual defined, registered, and bound to a public key structure by a certification authority (CA).
[view]


There are no comments yet.

Authentication required

You must log in to post a comment.

Log in