nerdexam
(ISC)2

CISSP · Question #766

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

The correct answer is C. To verify that security protection remains acceptable to the organizational security policy. The main reason that system re-certification and re-accreditation are needed is to verify that the security protection of the system remains acceptable to the organizational security policy, especially after significant changes or updates to the system. Re-certification is the pr

Submitted by yousef_jo· Mar 5, 2026Security and Risk Management

Question

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Options

  • ATo assist data owners in making future sensitivity and criticality determinations
  • BTo assure the software development team that all security issues have been addressed
  • CTo verify that security protection remains acceptable to the organizational security policy
  • DTo help the security team accept or reject new systems for implementation and production

How the community answered

(44 responses)
  • B
    2% (1)
  • C
    95% (42)
  • D
    2% (1)

Explanation

The main reason that system re-certification and re-accreditation are needed is to verify that the security protection of the system remains acceptable to the organizational security policy, especially after significant changes or updates to the system. Re-certification is the process of reviewing and testing the security controls of the system to ensure that they are still effective and compliant with the security policy. Re-accreditation is the process of authorizing the system to operate based on the results of the re-certification.

Topics

#system re-certification#re-accreditation#security policy compliance#ongoing assurance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice