nerdexam
(ISC)2

CAP · Question #222

Which of the following individuals makes the final accreditation decision?

The correct answer is A. DAA. The DAA (Designated Accrediting Authority), called the Authorizing Official (AO) in the NIST RMF framework, is the senior official with the authority to formally accept the risk of operating an information system and issue the official accreditation (authorization to operate). Th

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following individuals makes the final accreditation decision?

Options

  • ADAA
  • BISSO
  • CCIO
  • DCISO

How the community answered

(66 responses)
  • A
    92% (61)
  • B
    2% (1)
  • C
    2% (1)
  • D
    5% (3)

Explanation

The DAA (Designated Accrediting Authority), called the Authorizing Official (AO) in the NIST RMF framework, is the senior official with the authority to formally accept the risk of operating an information system and issue the official accreditation (authorization to operate). The ISSO (Information System Security Officer) manages day-to-day security operations. The CIO oversees IT strategy. The CISO manages the organization's security program. Only the DAA/AO has the formal authority to sign the accreditation decision.

Topics

#RMF roles#Accreditation decision#Authorization Official (AO)#Designated Approving Authority (DAA)

Community Discussion

No community discussion yet for this question.

Full CAP Practice