(ISC)2

CGRC · Question #307

CGRC Question #307: Real Exam Question with Answer & Explanation

The correct answer is A: Risk executive. The Risk Executive role within the RMF establishes risk management roles and responsibilities and advises authorizing officials on the risk management strategy.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which RMF role establishes risk management roles and responsibilities and provides advice and relevant information to authorizing officials concerning the risk management strategy to guide authorization decision making?

Options

  • A. Risk executive
  • B. System owner
  • C. Common control provider
  • D. ISSE

Explanation

The Risk Executive role within the RMF establishes risk management roles and responsibilities and advises authorizing officials on the risk management strategy.

Common mistakes.

  • B. The System Owner is accountable for a specific information system, not the overarching enterprise risk management strategy.
  • C. A Common Control Provider implements and monitors shared security controls, but does not establish the organization's risk management strategy.
  • D. An Information System Security Engineer (ISSE) focuses on the engineering and implementation of security solutions for systems.

Concept tested. RMF Roles - Risk Executive Responsibilities

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

Topics

RMF Roles, Risk Executive, Risk Management Strategy, Authorization Decisions
