(ISC)2

CISSP · Question #520

CISSP Question #520: Real Exam Question with Answer & Explanation

The correct answer is B: Authorizing Official (AO). The Authorizing Official (AO) determines the required level of independence for security control assessors (SCA). The AO is the senior official or executive who has the authority to formally assume responsibility for operating an information system at an acceptable level of risk.

Submitted by wei.xz · Mar 5, 2026 · Security Assessment and Testing

Question

Who determines the required level of independence for security control Assessors (SCA)?

Options

  • A. Business owner
  • B. Authorizing Official (AO)
  • C. Chief Information Security Officer (CISC)
  • D. System owner

Explanation

The Authorizing Official (AO) determines the required level of independence for security control assessors (SCA). The AO is the senior official or executive who has the authority to formally assume responsibility for operating an information system at an acceptable level of risk. The AO decides the extent of independence needed for the SCA to conduct an objective and impartial assessment of the security controls implemented in the system. The level of independence may vary depending on the type, complexity, and criticality of the system, as well as the organizational policies and standards.

Topics

#Authorizing Official (AO) #security control assessor (SCA) #independence #security governance
