CGRC Question #175: Real Exam Question with Answer & Explanation
The correct answer is A: Post-Authorization. The phases of a System Authorization Plan typically encompass pre-certification activities, the formal certification assessment, the authorization decision, and continuous monitoring post-authorization.
Question
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
Options
- A. Post-Authorization
- B. Pre-certification
- C. Post-certification
- D. Certification
- E. Authorization
Explanation
The phases of a System Authorization Plan typically encompass pre-certification activities, the formal certification assessment, the authorization decision, and continuous monitoring post-authorization.
Common mistakes.
- C. Post-certification is not typically a distinct phase in the same manner; activities following certification are usually covered under the broader 'Post-Authorization' phase, which includes continuous monitoring and reauthorization cycles.
Concept tested. System Authorization Plan phases (NIST RMF)
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf