Which of the following statements are true about Continuous Monitoring? Each correct answer represents a complete solution

Which of the following statements are true about Continuous Monitoring? Each correct answer represents a complete solution. Choose all that apply.

Which of the following statements are true about Continuous Monitoring? Each correct answer represents a complete solution. Choose all that apply.

A.
It involves tracking changes to the information system that occur during its lifetime, and then determines the impact of those changes on the system security.

B.
Continuous monitoring process is used extensively in the U.S. Federal Government.

C.
Continuous monitoring in any system takes place after initial system security accreditation.

D.
It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.

Explanation:
Continuous monitoring in any system takes place after initial system security accreditation. It involves tracking changes to the information system that occur during its lifetime, and then determines the impact of those changes on the system security. Due to the necessary changes in hardware, software, and firmware during the lifetime of an information system, an evaluation of the results of these modifications has to be conducted to determine whether corresponding changes necessarily have to be made to security controls, to bring the system to the desired security state.

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government.



Leave a Reply 0

Your email address will not be published. Required fields are marked *