CAP · Question #192
Which of the following individuals is responsible for ensuring the security posture of the organization's information system?
The correct answer is A. Authorizing Official. Under NIST SP 800-37 (Risk Management Framework), the Authorizing Official (AO) - formerly called the Designated Approving Authority (DAA) - is the senior official responsible for accepting the risk of operating an information system and ensuring it maintains an acceptable securi
Question
Which of the following individuals is responsible for ensuring the security posture of the organization's information system?
Options
- AAuthorizing Official
- BChief Information Officer
- CSecurity Control Assessor
- DCommon Control Provider
How the community answered
(33 responses)- A88% (29)
- B3% (1)
- C6% (2)
- D3% (1)
Explanation
Under NIST SP 800-37 (Risk Management Framework), the Authorizing Official (AO) - formerly called the Designated Approving Authority (DAA) - is the senior official responsible for accepting the risk of operating an information system and ensuring it maintains an acceptable security posture. The Chief Information Officer (CIO) oversees IT strategy organization-wide but does not hold individual system accountability. The Security Control Assessor evaluates controls but does not have authorization authority. The Common Control Provider supplies inherited controls. The AO holds the ultimate accountability for the system's security posture.
Topics
Community Discussion
No community discussion yet for this question.