What is Validation?
Software, systems and processes that are “validated” against a standard are typically better than those merely in “compliance” with a standard. Validation means that a third-party agency such as NIST or the PCI Council has reviewed and tested the claim of fidelity to a standard and found it to be true. Validating agencies will usually either publish a public list of all validated implementations or will be happy to confirm any stated claim.
A common example of validation in the file transfer industry is “FIPS validation“. Under this standard, NIST tests various vendors’ cryptography implementations, issues a validation certificate for each that passes and lists all implementations that have passed in a public web page on the NIST site.
Validation is roughly equivalent to “certification“.