Implementation and Assessment Phase

This phase involves integrating the defenses into the information system though the following steps:

  • Security controls are enabled
  • Configuration baseline is established
  • Testing
getting things working

getting things working

The Federally required process of Certification & Accreditation revisits every step of the SDLC Framework to make sure they have been accomplished adequately and offers a credible statement of such.

As in each of the previous phases, security documentation must have any changes updated into them, specially in the following areas:

  • I/AM (Inventory/Asset Management)
  • SSP (Site Security Plan)
  • RA (Risk Assessment)
  • CM (Configuration Management)

Leave a Reply

You must be logged in to post a comment.