During this first phase of the development life cycle, security considerations are key to diligent and early integration, thereby ensuring that threats,requirements, and potential constraints in functionality and integration are considered. Which of the following is not a component of the first phase of the development life cycle?

A.
Delineation of business requirements in terms of confidentiality, integrity, and availability

B.
Determination of information categorization and identification of known special handling requirements to transmit, store, or create information such as personally identifiable information

C.
Determination of any privacy requirements

D.
Conduct the risk assessment and use the results to supplement the baseline security controls

Explanation:
Key security activities for the first phase include:
i.Initial delineation of business requirements in terms of confidentiality,integrity, and availability;
ii. Determination of information categorization and identification of known special handling requirements to transmit, store, or create information such as personally identifiable information
iii. Determination of any privacy requirements.

Conducting the risk assessment and use the results to supplement the baseline security controls is carried out in the second phase.