nerdexam
(ISC)2

CISSP-ISSEP · Question #169

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answ

The correct answer is C. FISMA. FISMA (Federal Information Security Management Act) is the U.S. federal law that explicitly mandates all general support systems and major applications be certified and accredited (C&A) before deployment to production, making it the direct legal authority behind this requirement.

Governance and Training

Question

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Options

  • AOffice of Management and Budget (OMB)
  • BNIST
  • CFISMA
  • DFIPS

How the community answered

(45 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    96% (43)

Explanation

FISMA (Federal Information Security Management Act) is the U.S. federal law that explicitly mandates all general support systems and major applications be certified and accredited (C&A) before deployment to production, making it the direct legal authority behind this requirement.

OMB issues policy guidance (like Circular A-130) and oversees compliance with FISMA, but it is not the source of the C&A requirement itself - it enforces rather than establishes it. NIST publishes the frameworks and guidelines used to conduct C&A (such as SP 800-37), but as a standards body it has no legislative authority to require it. FIPS are specific technical standards (e.g., for encryption) issued under NIST, and while federal agencies must use them, FIPS doesn't govern the C&A process.

Memory tip: Think "FISMA = Federal law = Full accountability." FISMA is the law; NIST and FIPS are the tools used to comply with it; OMB is the enforcer. On the exam, if a question asks what requires C&A, the answer is always the law - FISMA.

Topics

#FISMA#Certification & Accreditation (C&A)#Assessment & Authorization (A&A)#Information Security Governance

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice