(ISC)2


CGRC Question #507: Real Exam Question with Answer & Explanation

The correct answer is A: Leveraged.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which authorization approach considers time elapsed since the authorization results were produced, the environment of operation, the criticality/sensitivity of the information, and the risk tolerance of the other organization?

Options

  • A. Leveraged
  • B. Single
  • C. Joint
  • D. Site specific

Explanation

The Leveraged authorization approach involves an organization accepting existing authorization results from another entity after considering factors like the time elapsed, operating environment, information criticality, and risk tolerance.

Common mistakes.

  • B. A 'Single' authorization approach refers to an organization conducting its own authorization for its own system without relying on external packages.
  • C. A 'Joint' authorization approach involves multiple organizations collaborating to produce a single authorization package for a system shared between them.
  • D. A 'Site specific' authorization refers to an authorization tailored to a particular physical location or facility, which is not the primary characteristic described.

Concept tested. RMF Authorization Approaches - Leveraged

Reference. https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

Topics

#Leveraged Authorization · #Risk Management · #Authorization Decision · #NIST RMF
