CAP · Question #348
The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represents a complete solutio
The correct answer is B. Apply classification criteria to rank data assets and related IT resources. C. Establish criteria that will be used to classify and rank data assets. D. Identify threats, vulnerabilities, and controls that will be evaluated. E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.. RMF Phase 0 is the strategic planning phase focused on establishing the groundwork before assessment begins. It includes: (B) Applying classification criteria to rank data assets and related IT resources - actively categorizing assets using the established criteria; (C) Establish
Question
The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represents a complete solution. Choose all that apply.
Options
- AReview documentation and technical data.
- BApply classification criteria to rank data assets and related IT resources.
- CEstablish criteria that will be used to classify and rank data assets.
- DIdentify threats, vulnerabilities, and controls that will be evaluated.
- EEstablish criteria that will be used to evaluate threats, vulnerabilities, and controls.
How the community answered
(29 responses)- A28% (8)
- B72% (21)
Explanation
RMF Phase 0 is the strategic planning phase focused on establishing the groundwork before assessment begins. It includes: (B) Applying classification criteria to rank data assets and related IT resources - actively categorizing assets using the established criteria; (C) Establishing criteria to classify and rank data assets - defining the classification standards; (D) Identifying threats, vulnerabilities, and controls that will be evaluated - scoping what will be assessed; and (E) Establishing criteria to evaluate threats, vulnerabilities, and controls - defining the evaluation methodology. Answer A (reviewing documentation and technical data) is a data-gathering activity that occurs in later phases of the RMF process, not during the strategic planning setup of Phase 0.
Topics
Community Discussion
No community discussion yet for this question.