CISSP · Question #1100
During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?
The correct answer is B. Security assessment plan. The Security Assessment Plan (SAP) documents the rules and requirements governing how a security assessment will be conducted, including notification obligations to parent organizations, law enforcement, and incident response teams.
Question
During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?
Options
- AUnit test results
- BSecurity assessment plan
- CSystem integration plan
- DSecurity Assessment Report (SAR)
How the community answered
(34 responses)- A12% (4)
- B79% (27)
- C6% (2)
- D3% (1)
Why each option
The Security Assessment Plan (SAP) documents the rules and requirements governing how a security assessment will be conducted, including notification obligations to parent organizations, law enforcement, and incident response teams.
Unit test results are outputs that document the outcomes of individual software component tests and do not contain procedural or legal notification requirements for organizations or law enforcement.
The Security Assessment Plan (SAP) is the authoritative document that establishes the scope, rules of engagement, and procedural requirements for a security assessment, including mandatory notification requirements to parent organizations, law enforcement, and CIRTs if testing triggers incidents or discoveries. It defines these obligations before testing begins so all stakeholders understand their roles and legal requirements. This is aligned with NIST SP 800-53A and FedRAMP SAP guidance, which require such escalation and notification procedures to be pre-documented in the plan.
A System Integration Plan describes how system components are combined and interfaces are managed during integration, not the legal and organizational notification requirements during security testing.
The Security Assessment Report (SAR) is a post-assessment artifact that documents findings, vulnerabilities, and recommendations after testing is complete, not the pre-established requirements and rules of engagement that govern the testing process.
Concept tested: Security Assessment Plan notification and escalation requirements
Source: https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.