Which of the following come under the management class of controls?
Each correct answer represents a complete solution. Choose all that apply.

A.
Risk assessment control

B.
Audit and accountability control

C.
Program management control

D.
Identification and authentication control

Explanation:

The Management class of controls includes five families. These families include over 40 individual
controls. Following is a list of each of the families in the Management class:
Certification, Accreditation, and Security Assessment (CA): This family of controls addresses steps
to implement a security and assessment program. It includes controls to ensure only authorized
systems are allowed on a network. It includes details on important security concepts, such as
continuous monitoring and a plan of action and milestones.
Planning (PL): The PL family focuses on security plans for systems. It also covers Rules of
Behaviour for users. Rules of Behaviour are also called an acceptable use policy.
Risk Assessment (RA): This family of controls provides details on risk assessments and
vulnerability scanning.
System and Services Acquisition (SA): The SA family includes any controls related to the
purchase of products and services. It also includes controls related to software usage and user
installed software.
Program Management (PM): This family is driven by the Federal Information Security
Management Act (FISMA). It provides controls to ensure compliance with FISMA. These controls
complement other controls. They don’t replace them.
control are technical class of controls.