nerdexam
ExamsCISSPQuestions#1177
(ISC)2(ISC)2

CISSP · Question #1177

CISSP Question #1177: Real Exam Question with Answer & Explanation

The correct answer is D: Mission/Business Owner. The role that provides the authoritative guidance for the transfer of project-related Controlled Unclassified Information (CUI) between systems of differing security classifications is the mission/business owner. The mission/business owner is the person or the entity that has the

Submitted by asante_acc· Mar 5, 2026Security and Risk Management

Question

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

Options

  • AInformation owner
  • BPM
  • CData Custodian
  • DMission/Business Owner

Explanation

The role that provides the authoritative guidance for the transfer of project-related Controlled Unclassified Information (CUI) between systems of differing security classifications is the mission/business owner. The mission/business owner is the person or the entity that has the authority and the responsibility for the mission or the business function that requires the use of the CUI. The mission/business owner should determine the security requirements, the classification levels, the dissemination controls, and the transfer procedures for the CUI, in accordance with the relevant laws, regulations, and standards. The mission/business owner should also coordinate with the information owner, the data custodian, and the project manager to ensure the proper handling and protection of the CUI. The information owner is the person or the entity that has the authority and the responsibility for the creation, collection, processing, or dissemination of the information, such as the CUI. The information owner should assign the security classification and the access permissions for the information, and delegate the operational tasks to the data custodian. The data custodian is the person or the entity that has the authority and the responsibility for the storage, maintenance, and protection of the information, such as the CUI. The data custodian should implement the security controls and the backup and recovery procedures for the information, and follow the instructions of the information owner and the mission/business owner. The project manager is the person or the entity that has the authority and the responsibility for the planning, execution, monitoring, and closure of the project that involves the use of the information, such as the CUI. The project manager should coordinate with the project team, the stakeholders, and the sponsors to ensure the successful delivery of the project, and comply with the security requirements and the transfer procedures for the information, as defined by the mission/business owner and the information owner.

Topics

#data ownership#Controlled Unclassified Information (CUI)#information governance

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CISSP PracticeBrowse All CISSP Questions