I am interested in learning how does the C&A, DIACAP processes improves commercial systems?
Please refer to assignment question below.
Do you think a formal process like Certification & Accreditation is appropriate to use for commercial systems in private industry (Why or Why Not)? What are the important parts of C&A to carry over to the commercial sector? Alternatively, what are some examples of security review processes used in companies before putting a system into use. What are the pros and cons of this in contrast to Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)?