ISC2 Exam ISSEP Topic 4 Question 57 Discussion

Actual exam question for ISC2's Information Systems Security Engineering Professional exam
Question #: 57
Topic #: 4

Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

Suggested Answer: D

The various phases of NIST SP 800-37 C&A are as follows:

Phase 1: Initiation - This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance.

Phase 2: Security Certification - The security certification phase evaluates the controls and documentation.

Phase 3: Security Accreditation - The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package.

Phase 4: Continuous Monitoring - This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.

