Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for
acceptability, and prepares the final security accreditation package
A.
Initiation
B.
Security Certification
C.
Continuous Monitoring
D.
Security Accreditation