A security evaluation report and an accreditation statement are produced in which of the following phases of the
system development life cycle?
A. project initiation and planning phase
B. system design specification phase
C. development & documentation phase
D. acceptance phase
Explanation:
Certification and accreditation (C&A) processes are performed before a system can be formally installed in the
production environment. Certification is the technical testing and evaluation of a system while accreditation is
the formal authorization given by management to allow a system to operate in a specific environment. The
accreditation decision is based upon the results of the certification process. This occurs during the acceptance
phase.
Incorrect Answers:
A: The project initiation and planning phase is the initial phase that establishes the need for a system. Nothing
has been developed yet to be evaluated, tested, accredited, etc.
B: System requirement specifications are gathered in the system design and specifications phase. This phase
determines how the system will accomplish design goals and could cover required functionality, compatibility,
fault tolerance, extensibility, security, usability, and maintainability.
C: During the development & documentation phase programmers are assigned tasks to meet the specifications
laid out in the design phase. This is where the system is developed.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 300, 406-407, 1092, 1095