Which option correctly defines the term that is a formal review of software to ensure all security controls are built into the software as designed?

Multiple Choice

Explanation:
Certification is the formal evaluation of a software product to confirm that security controls are built into it as designed. It involves independent testing and documentation showing that controls such as authentication, access control, encryption, input validation, and secure coding practices are implemented correctly and operate as intended. This makes certification the best fit for a formal review of software to ensure security controls are built in.

Accreditation is the official authorization to operate the system in a given environment, based on certification results and risk considerations. Systems authorization refers to granting that authorization and ongoing monitoring, focusing on the system’s operation rather than the internal verification of the software itself. BC is not the standard term used for this concept.
