ISC2 CISSP Exam - Topic 2 Question 117 Discussion

The software acquisition process is the process of acquiring software from external sources, such as vendors or contractors. It involves several phases, such as planning, contracting, monitoring and acceptance, and follow-on. Developing evaluation criteria is part of the planning phase, where the organization defines the requirements, objectives, and constraints of the software acquisition project. Evaluation criteria are the standards or measures that are used to assess the quality, suitability, and value of the software products or services offered by the potential suppliers. Developing evaluation criteria in the planning phase helps the organization to select the best software solution for its needs and goals.Reference:CISSP - Certified Information Systems Security Professional, Domain 8. Software Development Security, 8.4 Assess the security impact of acquired software, 8.4.1 Define and apply security requirements in the acquisition process;CISSP Exam Outline, Domain 8. Software Development Security, 8.4 Assess the security impact of acquired software, 8.4.1 Define and apply security requirements in the acquisition process