Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.
Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
A . Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
B . Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
C . Certification is the official management decision given by a senior agency official to authorize operation of an information system.
D . Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
Answer: AD