CAP · Question #266
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of Syste
The correct answer is A. Post-Authorization B. Pre-certification D. Certification E. Authorization. The System Authorization Plan (SAP) consists of four phases: Pre-certification, Certification, Authorization, and Post-Authorization.
Question
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
Options
- APost-Authorization
- BPre-certification
- CPost-certification
- DCertification
- EAuthorization
How the community answered
(38 responses)- A87% (33)
- C13% (5)
Why each option
The System Authorization Plan (SAP) consists of four phases: Pre-certification, Certification, Authorization, and Post-Authorization.
Post-Authorization is a valid SAP phase covering ongoing monitoring and maintenance of the authorization after it is granted.
Pre-certification is the initial SAP phase where the system and its security posture are prepared and documented before formal certification begins.
Post-certification is not a defined phase in the System Authorization Plan - the phase following Certification is called Authorization, not Post-certification.
Certification is the formal technical evaluation phase that assesses whether security controls meet requirements.
Authorization is the phase where the Designated Approving Authority (DAA) makes the official risk acceptance decision based on certification findings.
Concept tested: System Authorization Plan phases
Source: https://public.cyber.mil/policy-guidance/
Topics
Community Discussion
No community discussion yet for this question.