CAP · Question #299
Which of the following is NOT a phase of the security certification and accreditation process?
The correct answer is C. Operation. The NIST security certification and accreditation (C&A) process, as described in NIST SP 800-37, consists of four phases: Phase 1 - Initiation; Phase 2 - Security Certification; Phase 3 - Security Accreditation; Phase 4 - Continuous Monitoring (also called Maintenance). 'Operatio
Question
Which of the following is NOT a phase of the security certification and accreditation process?
Options
- AInitiation
- BSecurity certification
- COperation
- DMaintenance
How the community answered
(33 responses)- A6% (2)
- B3% (1)
- C91% (30)
Explanation
The NIST security certification and accreditation (C&A) process, as described in NIST SP 800-37, consists of four phases: Phase 1 - Initiation; Phase 2 - Security Certification; Phase 3 - Security Accreditation; Phase 4 - Continuous Monitoring (also called Maintenance). 'Operation' is not a named phase of the C&A process. While systems do operate after accreditation, the formal phase is called 'Continuous Monitoring' or 'Maintenance,' not 'Operation.'
Topics
Community Discussion
No community discussion yet for this question.