Jargons: V&V and C&A

 

What do verification and validation (V&V) and certification and accreditation (C&A) mean? They are indeed jargons, aren’t they?

Take software development project as an example; the software must be verified against solution requirements to confirm if they are implemented correctly, while validated against stakeholder and business requirements to ensure the effectiveness.

Once the software solution is developed, tested, and delivered, it becomes part of the information system as a whole. The information system must be verified to ensure it meets the security requirements. The verification report is the objective evidence for the management to accept the residual risks and authorize it into operation.

The traditional Certification and Accreditation (C&A) process is transformed into the six-step Risk Management Framework (RMF). Please refer to the latest revision of NIST SP 800-37 for details.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s