Certification was the term traditionally used for the evaluation of the security controls of an IT system to establish the extent to which a particular design and implementation meets a set of specified security requirements. NIST has restructured the static C&A process into the Risk Management Framework. Select ONE of the six steps of the framework illustrated in the Risk Management Framework.
In at least 250 words, discuss the following in your main post.
- Identify the step and associated government document.
- Discuss the importance of the step in the overall framework.
- What are the consequences if the step is not included in the risk management life-cycle.