What is Certification (Software and Systems)?
Certification of software and systems against a standard is better than having software and systems merely in “compliance” with a standard. Certification means that a third-party agency such as NIST or the PCI Council has reviewed and tested the claim of fidelity to a standard and found it to be true. Certifying agencies will usually either publish a public list of all certified implementations or will be happy to confirm any stated claim.
A common example of certification in the file transfer industry is “AS2 certification”. Under this standard, Drummond Group tests various vendors’ cryptography implementations, issues a validation certificate for each that passes and lists all implementations that have passed in a public web page on the NIST site.
Certification is roughly equivalent to “validation“.