System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.
A.
Authorization
B.
Post-certification
C.
Certification
D.
Pre-certification
E.
Post-Authorization
Explanation:
The creation of System Authorization Plan (SAP) is mandated by System Authorization. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. It consists of four phases.
Phase 1 – Pre-certification
Phase 2 – Certification
Phase 3 – Authorization
Phase 4 – Post-AuthorizationWhat is System Authorization?
System Authorization is the risk management process that helps in assessing risk associated with a system and takes steps to mitigate vulnerabilities to reduce risk to an acceptable level. Risk management is a process of identifying, controlling, and extenuating IT system-related risks. It includes risk assessment, analysis of cost benefit, selection, implementation, test, and measurement of security controls. Reference: The CISSP and CAP Study Guide, Contents. "Understanding Certification and Accreditation"
ACDE