CGRC Question #526: Real Exam Question with Answer & Explanation

Sign in or unlock CGRC to reveal the answer and full explanation for question #526. The question stem and answer options stay visible for context.

Assessment/Audit of Security and Privacy Controls

Question

An initial remediation action was taken by the information system owner (ISO) based on findings from the security assessment report (SAR). What is the next appropriate step based on the Risk Management Framework (RMF)? Response:

Options

AISO documents the remedial action in the security plan.
BInclude the remediation action taken by information system owner as an addendum to the SAR.
CInformation system security officer (ISSO) documents the remediation action and informs the ISO.
DRemedial action taken is sent for review to the ISSO.

Unlock CGRC to see the answer

You've previewed enough free CGRC questions. Unlock CGRC for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CGRC - $49.99 / 30 days Sign in

Topics

#Risk Management Framework (RMF)#Remediation#Security Assessment Report (SAR)#Documentation

Full CGRC Practice Browse All CGRC Questions