CSSLP Question #190: Real Exam Question with Answer & Explanation
The correct answer is B: Post-Authorization. The System Authorization Plan (SAP) involves distinct phases including Pre-certification, Certification, Authorization, and Post-Authorization, which guide the comprehensive risk management process for information systems.
Question
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
Options
- A. Post-certification
- B. Post-Authorization
- C. Authorization
- D. Pre-certification
- E. Certification
Explanation
The System Authorization Plan (SAP) involves distinct phases including Pre-certification, Certification, Authorization, and Post-Authorization, which guide the comprehensive risk management process for information systems.
Common mistakes.
- A. Post-certification is not a distinct phase; rather, certification is followed by the authorization decision and then ongoing monitoring (post-authorization).
Concept tested. System Authorization Plan (SAP) phases
Reference. https://csrc.nist.gov/glossary/term/authorization