SDLC Flashcards
1
Q
RMF and SDLC
A
SDLC Phases:
1) Initiation (RMF Steps 1 and 2)
2) Development and Acquisition (RMF Step 2)
3) Implementation (RMF Steps 3-5)
4) Operations and Maintenance (RMF Step 6)
5) Disposition (RMF Step 6)
RMF -
1) Categorize
2) Select
3) Implement
4) Assess
5) Authorize
6) Monitor
2
Q
SDLC - Step 1
A
INITIATION
- Why do we need it?
- How does it support the mission?
- Investment review and budget
Security Considerations
- conduct initial risk assessment
- identify ISSO
- FIPS 199
- FIPS 200
3
Q
SDLC - Step 2
A
DEVELOPMENT AND ACQUISITION
- Functional statement of need
- Feasibility Study
- Cost Benefit Analysis
Security Considerations
- Risk Assessment
- Security Planning
- Security Control Development
4
Q
SDLC - Step 3
A
IMPLEMENTATION
- Installation
- Inspection
- Acceptance Testing
- initial user training
- documentation
Security Considerations
- Inspection and Acceptance
- System integration
- Security Certification Executed
- Security Accreditation Decision
5
Q
SDLC - Step 4
A
OPERATION AND MAINTENANCE
- Performance Measurement
- Contract Modification
- Operations
- Maintenance
Security Considerations
- Configuration mgmt and control
- Continuous Monitoring
6
Q
SDLC - Step 5
A
DISPOSITION
- Appropriateness of Disposal
- Exchange & Sale
- Internal Organizational Screening
- Transfer - Donation
- Contract Closeout
Security Considerations
- Information Preservation
- Media Sanitization
- HW and SW Disposal