CISSP-ISSEP · Question #185
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
The correct answer is B. Information system owner. The Information System Owner (B) initiates the C&A process because they are responsible for the system being certified - they initiate the request, provide system documentation, and coordinate with other stakeholders to get the process started. The Authorizing Official (A) comes
Question
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
Options
- AAuthorizing Official
- BInformation system owner
- CChief Information Officer (CIO)
- DChief Risk Officer (CRO)
How the community answered
(45 responses)- A2% (1)
- B87% (39)
- C4% (2)
- D7% (3)
Explanation
The Information System Owner (B) initiates the C&A process because they are responsible for the system being certified - they initiate the request, provide system documentation, and coordinate with other stakeholders to get the process started.
The Authorizing Official (A) comes in at the end of the process, granting or denying the Authorization to Operate (ATO) - they approve, they don't start. The CIO (C) has broad IT governance responsibilities but delegates system-level C&A initiation to the system owner. The Chief Risk Officer (D) is an enterprise risk role that doesn't have a defined triggering role in the C&A/RMF process.
Memory tip: Think "owner starts, official approves." The person who owns the system kicks things off; the Authorizing Official has the final say. Ownership = initiation.
Topics
Community Discussion
No community discussion yet for this question.