What term describes the comprehensive evaluation of an information system component to determine if it meets specified security requirements?

Prepare for the Industrial Security Oversight Certification Exam with our interactive quizzes and comprehension tools. Each question comes with hints and detailed explanations to aid your study. Master the ISOC exam with confidence!

Multiple Choice

What term describes the comprehensive evaluation of an information system component to determine if it meets specified security requirements?

Explanation:
Certification is the term for the formal, independent assessment of an information system component to determine whether it meets specified security requirements. Certification involves evaluating the system’s design, implementation, and security controls, gathering evidence, and producing a report that documents compliance and any residual risk. This sets a clear, verifiable baseline that the system meets the required security standards before it is allowed to operate in a given environment. Accreditation is the official management authorization to operate the system based on the certification and risk assessment, while authorization is the actual decision to permit operation within a defined environment and risk posture. Validation, though related to confirming that a system fulfills its stated requirements, is a broader term and not the formal security evaluation process described here.

