nerdexam
(ISC)2

CAP · Question #221

Which of the following individuals is responsible for the final accreditation decision?

The correct answer is C. Information System Owner. Among the roles listed, the Information System Owner bears the ultimate responsibility for the system's security posture, including the final accreditation decision. The Certification Agent performs the technical evaluation and testing but only recommends an accreditation decisio

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following individuals is responsible for the final accreditation decision?

Options

  • ACertification Agent
  • BUser Representative
  • CInformation System Owner
  • DRisk Executive

How the community answered

(20 responses)
  • B
    5% (1)
  • C
    90% (18)
  • D
    5% (1)

Explanation

Among the roles listed, the Information System Owner bears the ultimate responsibility for the system's security posture, including the final accreditation decision. The Certification Agent performs the technical evaluation and testing but only recommends an accreditation decision - they do not make the final call. The User Representative advocates for mission needs, and the Risk Executive advises on organizational risk. When an Authorizing Official or DAA is not listed as a choice, the Information System Owner is the role most accountable for formally accepting the system's risk and approving it for operation.

Topics

#Accreditation#Information System Owner#Authorization to Operate (ATO)#Roles and Responsibilities

Community Discussion

No community discussion yet for this question.

Full CAP Practice