nerdexam
(ISC)2

CISSP-ISSEP · Question #107

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of Syste

The correct answer is A. Certification B. Authorization D. Post-Authorization E. Pre-certification. Options A, B, D, and E are correct because the System Authorization Plan (SAP) follows four sequential phases: Pre-certification (E) - preparation activities before evaluation begins; Certification (A) - formal evaluation of the system's security controls; Authorization (B) - the

Risk Management

Question

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

Options

  • ACertification
  • BAuthorization
  • CPost-certification
  • DPost-Authorization
  • EPre-certification

How the community answered

(52 responses)
  • A
    92% (48)
  • C
    8% (4)

Explanation

Options A, B, D, and E are correct because the System Authorization Plan (SAP) follows four sequential phases: Pre-certification (E) - preparation activities before evaluation begins; Certification (A) - formal evaluation of the system's security controls; Authorization (B) - the authorizing official's decision to grant or deny an Authority to Operate (ATO); and Post-Authorization (D) - ongoing monitoring and maintenance of the authorization status. Option C (Post-certification) is the distractor and is incorrect because there is no distinct "Post-certification" phase in the SAP - the process moves directly from Certification into Authorization, making "Post-certification" a fabricated step that doesn't exist in the framework.

Memory tip: Use the acronym PC-A-B-D → think "Please Can Anyone Be Done?" for Pre-certification → Certification → Authorization → Post-Authorization (Done). If you see "Post-certification," recognize it as a trap - the SAP never backtracks between Certification and Authorization.

Topics

#System Authorization Process#Certification and Accreditation (C&A)#Risk Management Framework (RMF)#Authorization Phases

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice