Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

A. Security Accreditation

B. Initiation

C. Continuous Monitoring

D. Security Certification

Explanation:
The various phases of NIST SP 800-37 C&A are as follows:

Phase 1: Initiation. This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance.

Phase 2: Security Certification. The security certification phase evaluates the controls and documentation.

Phase 3: Security Accreditation. The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package.

Phase 4: Continuous Monitoring. This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.


