Certification and Accreditation (C&A or CnA) is a process for implementing information
security. It is a systematic procedure for evaluating, describing, testing, and authorizing
systems prior to or after a system is in operation. Which of the following statements are true
about Certification and Accreditation? Each correct answer represents a complete solution.
Choose two.
A.
Accreditation is the official management decision given by a senior agency official
to authorize operation of an information system.
B.
ccreditation is a comprehensive assessment of the management, operational, and
technical security controls in an information system.
C.
Certification is the official management decision given by a senior agency official to
authorize operation of an information system.
D.
Certification is a comprehensive assessment of the management, operational, and
technical security controls in an information system.