Certified Secure Software Lifecycle Professional (CSSLP) — Question 21

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Answer options

• A. NIST
• B. Office of Management and Budget (OMB)
• C. FIPS
• D. FISMA

Correct answer: A

Explanation

NIST is responsible for establishing guidelines that require full certification and accreditation of systems before they can go into production. The Office of Management and Budget (OMB), FIPS, and FISMA have their roles in governance and security, but they do not specifically mandate the certification and accreditation process in the same way NIST does.