nerdexam
(ISC)2

CAP · Question #266

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of Syste

The correct answer is A. Post-Authorization B. Pre-certification D. Certification E. Authorization. The System Authorization Plan (SAP) consists of four phases: Pre-certification, Certification, Authorization, and Post-Authorization.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

Options

  • APost-Authorization
  • BPre-certification
  • CPost-certification
  • DCertification
  • EAuthorization

How the community answered

(38 responses)
  • A
    87% (33)
  • C
    13% (5)

Why each option

The System Authorization Plan (SAP) consists of four phases: Pre-certification, Certification, Authorization, and Post-Authorization.

APost-AuthorizationCorrect

Post-Authorization is a valid SAP phase covering ongoing monitoring and maintenance of the authorization after it is granted.

BPre-certificationCorrect

Pre-certification is the initial SAP phase where the system and its security posture are prepared and documented before formal certification begins.

CPost-certification

Post-certification is not a defined phase in the System Authorization Plan - the phase following Certification is called Authorization, not Post-certification.

DCertificationCorrect

Certification is the formal technical evaluation phase that assesses whether security controls meet requirements.

EAuthorizationCorrect

Authorization is the phase where the Designated Approving Authority (DAA) makes the official risk acceptance decision based on certification findings.

Concept tested: System Authorization Plan phases

Source: https://public.cyber.mil/policy-guidance/

Topics

#System Authorization Plan (SAP)#Authorization Process Phases#Risk Management Framework (RMF)#Certification & Accreditation (C&A)

Community Discussion

No community discussion yet for this question.

Full CAP Practice