CISSP · Question #766
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
The correct answer is C. To verify that security protection remains acceptable to the organizational security policy. The main reason that system re-certification and re-accreditation are needed is to verify that the security protection of the system remains acceptable to the organizational security policy, especially after significant changes or updates to the system. Re-certification is the pr
Question
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
Options
- ATo assist data owners in making future sensitivity and criticality determinations
- BTo assure the software development team that all security issues have been addressed
- CTo verify that security protection remains acceptable to the organizational security policy
- DTo help the security team accept or reject new systems for implementation and production
How the community answered
(44 responses)- B2% (1)
- C95% (42)
- D2% (1)
Explanation
The main reason that system re-certification and re-accreditation are needed is to verify that the security protection of the system remains acceptable to the organizational security policy, especially after significant changes or updates to the system. Re-certification is the process of reviewing and testing the security controls of the system to ensure that they are still effective and compliant with the security policy. Re-accreditation is the process of authorizing the system to operate based on the results of the re-certification.
Topics
Community Discussion
No community discussion yet for this question.