Welcome back to CyberRays. This, of course. I'm your instructor, Brad Roads. Well, we have made it to the end of modulate the system development life cycle. Let's jump into our summary
in this lesson. We're going to review briefly the SCLC phases. We're also going to review the risk management framework.
Two important things you need to know for the risks are for the ESOP exam.
So here are our SCLC phases. Remember, Initiation Rite initiation is our requirements,
acquisition and development. That's our build.
And by decision, if we're going to develop it, we're building, and if we're gonna buy it, we're gonna acquire it. Right? So we're gonna make a decision there, right? If we're doing stuff in the development piece of things, if we're actually gonna build it ourselves, that's what we have to decide or look to our organization in terms of what? What development model are we using? Are we using waterfall? Are we using
the systems engineering V? Are we using? Ah, spiral. Are we doing agile?
Right? Then we get to implementation. Assessment. That's our deployment and integration. That's where we push out the system into operations initially and we do it enough phased approach. We don't just roll it out to an enterprise altogether. We also do our assessment work there. That's where we talk about things like the risk management framework and the
getting an interim authority to operate or authority to operate. Now,
operation and maintenance that's or continuous monitoring of our security controls. And then maintenance is, and I use the general term of patching here. But patching is is. Obviously it implies a lot more than just that. It's updating all the firmware. It's updating all of the hardware. It's updating software. It's updating operating systems. You know the list goes on and on and on, and obviously some
systems end up going to the next phase, which is some sort of disposal, because guess what?
They probably can't be updated anymore.
And then, of course, the last phase of the system development life cycle is sunset or disposal, and that's where we decided to get rid of a system we need to end the life of a system. And that is a very complex process that is reviewed multiple times requires lots of documentation because from depending if you're working on government systems or commercial systems, There's
always gonna be legal and regulatory requirements about
the system itself. The data that you keep from the system, how long you keep records about the system. All of that stuff is done in some set or disposal.
We also talked about the risk management framework, and so the RMF is the replacement for debts, cap and die a cap which are dead, Azzawi said. Previously, will you see that documentation still in existence? Absolutely, especially for legacy systems. But from the standpoint of understanding what we do now, right, what is current for an ISI,
you need to for the sip content itself, memorize this chart. This is one of those
brain dumb things you need to have. You need to understand that we categorize system. We select controls, we implement them, we assess them. We authorized that we monitor right. This is a cyclical process. Monitoring is obviously an ongoing thing. That we
do right. But if we change out of control, we go back to the whole process again to implement it, assess it authorized, and then ultimately do that monitoring.
Um, there are multiple NIST National Institute for Standards and Technology standards. You should be aware of. We're gonna cover those in the next module.
So in this video we covered on reviewed the system development, life cycle, phases, which is very important to the ISI. We also reviewed the risk management framework, which is the standard today for doing the accreditation of systems to get them that authority to operate so that they could be put in tow operations.
I look forward to seeing you in module nine key NIST standards.