What course of action is recommended when it is not feasible or possible to continuously monitor the entirety of security controls in an information system?
a. Begin the reaccreditation process
b. Begin the recertification process
c. Enter the system development life cycle (SDLC)
d. Select subsets of controls and monitor them at intervals