Della works as a security engineer for BlueWell Inc. She wants to establish configuration
management and control procedures that will document proposed or actual changes to the
information system. Which of the following phases of NIST SP 800-37 C&A methodology will
define the above task

Which of the following types of CNSS issuances establishes or describes policy and programs,
provides authority, or assigns responsibilities

Which of the following individuals is an upper-level manager who has the power and capability to
evaluate the mission, business case, and budgetary needs of the system while also considering
the security risks

Which of the following rated systems of the Orange book has mandatory protection of the TCB

Which of the following categories of system specification describes the technical requirements that
cover a service, which is performed on a component of the system

Which of the following DITSCAPNIACAP model phases is used to show the required evidence to
support the DAA in accreditation process and conclude in an Approval To Operate (ATO)

Which of the following is a 1996 United States federal law, designed to improve the way the
federal government acquires, uses, and disposes information technology

An Authorizing Official plays the role of an approver. What are the responsibilities of an
Authorizing Official Each correct answer represents a complete solution. Choose all that apply.

Which of the following areas of information system, as separated by Information Assurance
Framework, is a collection of local computing devices, regardless of physical location, that are
interconnected via local area networks (LANs) and governed by a single security policy

Which of the following individuals informs all C&A participants about life cycle actions, security
requirements, and documented user needs