CISSP · Question #213
An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredit
The correct answer is A. Acceptance of risk by the authorizing official. The final step before the application can be accredited is the acceptance of risk by the authorizing official, who is responsible for making the final decision on whether to authorize the operation of the system or not. The authorizing official must review the results of the eval
Question
An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
Options
- AAcceptance of risk by the authorizing official
- BRemediation of vulnerabilities
- CAdoption of standardized policies and procedures
- DApproval of the System Security Plan (SSP)
How the community answered
(26 responses)- A92% (24)
- B4% (1)
- D4% (1)
Explanation
The final step before the application can be accredited is the acceptance of risk by the authorizing official, who is responsible for making the final decision on whether to authorize the operation of the system or not. The authorizing official must review the results of the evaluation, the System Security Plan (SSP), and the residual risks, and determine if the risks are acceptable or not.
Topics
Community Discussion
No community discussion yet for this question.