nerdexam
(ISC)2

CISSP-ISSEP · Question #110

Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

The correct answer is B. Initiation C. Continuous Monitoring. Certification and Accreditation (C&A), as defined by NIST SP 800-37, consists of four phases: Initiation, Security Certification, Security Accreditation, and Continuous Monitoring - making B and C correct. Initiation kicks off the process by establishing the scope, gathering syst

Risk Management

Question

Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

Options

  • AAuditing
  • BInitiation
  • CContinuous Monitoring
  • DDetection

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    92% (23)
  • D
    4% (1)

Explanation

Certification and Accreditation (C&A), as defined by NIST SP 800-37, consists of four phases: Initiation, Security Certification, Security Accreditation, and Continuous Monitoring - making B and C correct. Initiation kicks off the process by establishing the scope, gathering system documentation, and assigning roles, while Continuous Monitoring ensures ongoing security posture is maintained after accreditation is granted.

Auditing (A) is a general security activity and audit technique, but it is not a named phase within the C&A framework. Detection (D) belongs to incident response and monitoring methodologies (like the NIST Cybersecurity Framework), not the C&A phase structure.

Memory tip: Think of C&A as a lifecycle - it starts (Initiation) and never fully stops (Continuous Monitoring). The two bookend phases are the ones most likely to appear on exams precisely because they define the boundaries of the process.

Topics

#Certification and Accreditation (C&A)#Risk Management Framework (RMF)#Security Authorization#Information System Lifecycle

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice