nerdexam
(ISC)2

CAP · Question #268

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answ

The correct answer is C. FISMA D. Office of Management and Budget (OMB). FISMA and OMB policy both mandate that all general support systems and major applications must be fully certified and accredited before being placed into production.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Options

  • ANIST
  • BFIPS
  • CFISMA
  • DOffice of Management and Budget (OMB)

How the community answered

(63 responses)
  • A
    3% (2)
  • B
    6% (4)
  • C
    90% (57)

Why each option

FISMA and OMB policy both mandate that all general support systems and major applications must be fully certified and accredited before being placed into production.

ANIST

NIST provides the frameworks and guidelines (such as SP 800-37) that support C&A processes but does not itself mandate or enforce certification requirements on agencies.

BFIPS

FIPS (Federal Information Processing Standards) establish technical standards for cryptography and data handling but do not mandate the C&A process itself before production.

CFISMACorrect

FISMA (Federal Information Security Management Act) legally requires all federal information systems, including general support systems and major applications, to undergo certification and accreditation before going into production, as part of a risk management framework.

DOffice of Management and Budget (OMB)Correct

OMB (Office of Management and Budget) Circular A-130 reinforces this requirement by directing agencies to ensure C&A is completed prior to production deployment, complementing FISMA's statutory mandate.

Concept tested: FISMA and OMB C&A production requirements

Source: https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act

Topics

#FISMA#Certification and Accreditation (C&A)#Federal Regulations#OMB

Community Discussion

No community discussion yet for this question.

Full CAP Practice