which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A
methodology, which is based on four well defined phases. In which of the following phases of
NIST SP 800-37 C&A methodology does the security categorization occur?

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A
methodology, which is based on four well defined phases. In which of the following phases of
NIST SP 800-37 C&A methodology does the security categorization occur?

A.
Security Accreditation

B.
Security Certification

C.
Continuous Monitoring

D.
Initiation

Explanation:
The various phases of NIST SP 800-37 C&A are as follows: Phase 1: Initiation- This
phase includes preparation, notification and resource identification. It performs the security plan
analysis, update, and acceptance. Phase 2: Security Certification- The Security certification phase
evaluates the controls and documentation. Phase 3: Security Accreditation- The security
accreditation phase examines the residual risk for acceptability, and prepares the final security
accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration
management and control, ongoing security control verification, and status reporting and
documentation.



Leave a Reply 0

Your email address will not be published. Required fields are marked *