System life cycle

Definition[edit | edit source]

A system life cycle is

“

[t]he period of time that begins when a system is conceived and ends when the system is no longer available for use.^[1]

”

“

[t]he stages through which a system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction).^[2]

”

“

[e]volution of a system, product, service, project or other human-made entity from conception through retirement.^[3]

”

Overview[edit | edit source]

A system life cycle involves all phases of a system's existence, including

Initiation: During the initiation phase, the need for a system is expressed and the purpose of the system is documented. Activities include conducting an impact assessment in accordance with NIST, FIPS 199.^[4]
Development/Acquisition: During this phase, the system is designed, purchased, programmed, developed, or otherwise constructed. This phase often consists of other defined cycles, such as the system development cycle or the acquisition cycle. Activities include determining security requirements, incorporating security requirements into specifications, and obtaining the system.
Implementation: During implementation, the system is tested and installed or fielded. Activities include installing/turning on controls, security testing, certification, and accreditation.
Operation/Maintenance: During this phase, the system performs its work. Typically, the system is also being modified by the addition of hardware and software and by numerous other events. Activities include security operations and administration, operational assurance, and audits and monitoring.
Disposal: The disposal phase of the IT system life-cycle involves the disposition of information, hardware, and software. Activities include moving, archiving, discarding or destroying information and sanitizing the media.