CGRC Question #609: Real Exam Question with Answer & Explanation
The correct answer is A: Planned inputs, expected behavior, and expected outputs.
Question
Functional description of security control implementation must include which of the following, primarily as related to technical controls employed in the system?
Options
- A. Planned inputs, expected behavior, and expected outputs.
- B. Implementation statement and remediation plan.
- C. Remediation plan and expected outputs.
- D. Planned inputs, implementation statement, and expected behavior.
Explanation
A functional description of a security control, especially for technical controls, must detail its planned inputs, anticipated behavior under various conditions, and the expected outputs or results it produces. This clarifies how the control operates and fulfills its security objective.
Common mistakes.
- B. An implementation statement describes how the control is put in place, and a remediation plan addresses identified weaknesses, but these are not primarily about the functional description of how the control operates in real-time.
- C. A remediation plan is for addressing deficiencies, not for describing the function of a control, and while expected outputs are relevant, inputs and behavior are also critical.
- D. An implementation statement describes what was done to set up the control, not its functional operation in terms of inputs, behavior, and outputs.
Concept tested. Security control functional description
Reference. https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final