What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an
information system?

A.
Accountability controls

B.
Mandatory access controls

C.
Assurance procedures

D.
Administrative controls

Explanation:
Controls provide accountability for individuals who are accessing sensitive information. This accountability is
accomplished through access control mechanisms that require identification and authentication and through the
audit function. These controls must be in accordance with and accurately represent the organization’s security
policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for
the entire life cycle of an information system.
Incorrect Answers:
A: Controls are administrative, logical/technical or physical. Accountability controls are not a defined control
type and do not ensure that the control mechanisms correctly implement the security policy for the entire life
cycle of an information system.
B: Mandatory access controls are an access control type. They do not ensure that the control mechanisms
correctly implement the security policy for the entire life cycle of an information system.
D: Administrative controls are a group of controls that include policies and procedures. However, assurance
procedures are the specific name for the set of procedures that ensure that the control mechanisms correctly
implement the security policy for the entire life cycle of an information system.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 47