Accreditation is the process of formally obtaining credibility from an authorized body. In terms of information security, US federal agencies must adhere to the Federal Information Security Management Act of 2002 (FISMA, updated by the Federal Information Security Modernization Act of 2014) for all activities related to information assurance.


An organization may assess itself against internal standards, or elect to follow a more formal process in which an independent, accredited certification body audits it against a published standard, such as those issued by the International Organization for Standardization (ISO). ISO itself publishes standards; it does not audit or certify organizations.

Federal agencies must adhere to federal accreditation requirements, while state agencies follow their own state regulations. Private businesses follow a similar process.

For example, the National Institute of Standards and Technology (NIST) Special Publication 800-37, which describes the Risk Management Framework (RMF), may be used as a guide and tailored to organizational requirements. In current NIST terminology the accreditation decision is called an authorization to operate (ATO). This type of accreditation process documents the security controls that have been implemented, the residual risk that remains, and the authorizing official's acceptance of that risk.

Other organizations are certified against ISO/IEC 27001, a standard that specifies requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), including the assessment and treatment of information security risks. The certificate is issued by an accredited certification body, not by ISO itself.


