CGRC Question #554: Real Exam Question with Answer & Explanation
The correct answer is A: Information System Owner.
Question
Which RMF role must ensure that the security assessment plan is consistent with the security objectives and reflects the use of tools, techniques, etc.?
Options
- A. Information System Owner
- B. Authorizing Official
- C. Information Systems Security Officer
- D. Integrated Safeguards Security Management
Explanation
The Information System Owner holds the RMF role responsible for ensuring that the security assessment plan aligns with the system's security objectives and accurately reflects the appropriate tools and techniques to be used.
Common mistakes.
- B. The Authorizing Official makes the final risk acceptance decision but does not typically ensure the specific details of the security assessment plan's tools and techniques.
- C. The Information Systems Security Officer (ISSO) advises on security and helps ensure compliance, but the primary accountability for the system's security and for the consistency of the assessment plan rests with the System Owner.
- D. "Integrated Safeguards Security Management" is not a standard, recognized role within the Risk Management Framework (RMF).
Concept tested. RMF Information System Owner responsibilities
Reference. https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final