nerdexam
(ISC)2

CAP · Question #348

The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represents a complete solutio

The correct answer is B. Apply classification criteria to rank data assets and related IT resources. C. Establish criteria that will be used to classify and rank data assets. D. Identify threats, vulnerabilities, and controls that will be evaluated. E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.. RMF Phase 0 is the strategic planning phase focused on establishing the groundwork before assessment begins. It includes: (B) Applying classification criteria to rank data assets and related IT resources - actively categorizing assets using the established criteria; (C) Establish

Security and Privacy Governance, Risk Management, and Compliance Program

Question

The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AReview documentation and technical data.
  • BApply classification criteria to rank data assets and related IT resources.
  • CEstablish criteria that will be used to classify and rank data assets.
  • DIdentify threats, vulnerabilities, and controls that will be evaluated.
  • EEstablish criteria that will be used to evaluate threats, vulnerabilities, and controls.

How the community answered

(29 responses)
  • A
    28% (8)
  • B
    72% (21)

Explanation

RMF Phase 0 is the strategic planning phase focused on establishing the groundwork before assessment begins. It includes: (B) Applying classification criteria to rank data assets and related IT resources - actively categorizing assets using the established criteria; (C) Establishing criteria to classify and rank data assets - defining the classification standards; (D) Identifying threats, vulnerabilities, and controls that will be evaluated - scoping what will be assessed; and (E) Establishing criteria to evaluate threats, vulnerabilities, and controls - defining the evaluation methodology. Answer A (reviewing documentation and technical data) is a data-gathering activity that occurs in later phases of the RMF process, not during the strategic planning setup of Phase 0.

Topics

#Risk Management Framework (RMF)#RMF Phase 0 (Prepare)#Strategic Risk Assessment Planning#Data Classification Criteria

Community Discussion

No community discussion yet for this question.

Full CAP Practice