Certification is defined as?

Certification is the formal evaluation that a system’s security controls have been implemented according to the design and meet the required security standards. This process produces evidence and documentation showing that the controls are present and functioning as intended before the system is deployed. It’s the technical step that verifies the security measures are built into the software, often culminating in a certification report. This differs from accreditation to operate, which is the management decision to authorize fielding based on the certification results and ongoing risk considerations. The other options describe activities outside this verification focus—management approval to operate, ongoing performance testing, or incident response readiness. So the formal review of software to ensure that security controls were built into the software as designed best captures what certification means.