Explanation: The Certification and Accreditation (C&A) process consists of four distinct phases: 1.Initiation 2.Security Certification 3.Security Accreditation 4.Continuous Monitoring The C&A activities can be applied to an information system at appropriate phases in the system development life cycle by selectively tailoring the various tasks and subtasks. Answer: B and C are incorrect. Auditing and detection are not phases of the Certification and Accreditation process.