Term:Validation

From FISMApedia
Jump to: navigation, search

CNSSI 4009

Validation - Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors.

DoDI 8100.03

Validation - Determination of the correct implementation in the completed IT system with the security requirements and approach agreed on by the users, acquisition authority, and the DAA. E2.1.40.

DoDI 8510.01

Validation - Activity applied throughout the system's life cycle to confirm or establish by testing, evaluation, examination, investigation, or competent evidence that a DoD IS's assigned IA controls are implemented correctly and are effective in their application. E2.60.

FIPS 201-1

Validation - The process of demonstrating that the system under consideration meets in all respects the specification of that system. [INCITS/M1-040211]

GAO-09-232G

Validation - The process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements.

NIST IR 7298

Validation - The process of demonstrating that the system under consideration meets in all respects the specification of that system. SOURCE: FIPS 201; INCITS/M1-040211

NIST SP 800-103 Draft

Validation - Verification that something is correct or conforms to a certain standard. In data collection or data entry, it is the process of ensuring that the data that are entered fall within the accepted boundaries of the application collecting the data. For example, if a program is collecting last names to be entered in a database, the program validates that only letters are entered and not numbers; or in a survey collecting data in the form of "yes" or "no" questions, the program validates that only those responses are used and not some other word.

NIST SP 800-116

Validation - In this publication, the process of determining that an identity credential was legitimately issued and is still valid, i.e., has not expired or been terminated.

NSTISSI 1000

Validation - Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors.