nerdexam
(ISC)2

CISSP · Question #213

An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredit

The correct answer is A. Acceptance of risk by the authorizing official. The final step before the application can be accredited is the acceptance of risk by the authorizing official, who is responsible for making the final decision on whether to authorize the operation of the system or not. The authorizing official must review the results of the eval

Submitted by chiamaka_o· Mar 5, 2026Security and Risk Management

Question

An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

Options

  • AAcceptance of risk by the authorizing official
  • BRemediation of vulnerabilities
  • CAdoption of standardized policies and procedures
  • DApproval of the System Security Plan (SSP)

How the community answered

(26 responses)
  • A
    92% (24)
  • B
    4% (1)
  • D
    4% (1)

Explanation

The final step before the application can be accredited is the acceptance of risk by the authorizing official, who is responsible for making the final decision on whether to authorize the operation of the system or not. The authorizing official must review the results of the evaluation, the System Security Plan (SSP), and the residual risks, and determine if the risks are acceptable or not.

Topics

#accreditation#risk acceptance#authorizing official#risk management framework

Community Discussion

No community discussion yet for this question.

Full CISSP Practice