which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

seenagapeFebruary 20, 2013

You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A
methodology, which is based on four well defined phases. In which of the following phases of
NIST SP 800-37 C&A methodology does the security categorization occur?

PrepAway - Latest Free Exam Questions & Answers

A.
Security Accreditation

B.
Security Certification

C.
Continuous Monitoring

D.
Initiation

Explanation:
The various phases of NIST SP 800-37 C&A are as follows: Phase 1: Initiation- This
phase includes preparation, notification and resource identification. It performs the security plan
analysis, update, and acceptance. Phase 2: Security Certification- The Security certification phase
evaluates the controls and documentation. Phase 3: Security Accreditation- The security
accreditation phase examines the residual risk for acceptability, and prepares the final security
accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration
management and control, ongoing security control verification, and status reporting and
documentation.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISC Exam Questions

Free ISC2 Study Guide

which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

Leave a Reply Cancel reply