Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

seenagapeFebruary 20, 2013

Della works as a security engineer for BlueWell Inc. She wants to establish configuration
management and control procedures that will document proposed or actual changes to the
information system. Which of the following phases of NIST SP 800-37 C&A methodology will
define the above task?

PrepAway - Latest Free Exam Questions & Answers

A.
Initiation

B.
Security Certification

C.
Continuous Monitoring

D.
Security Accreditation

Explanation:
The various phases of NIST SP 800-37 C&A are as follows:
Phase 1: Initiation- This phase includes preparation, notification and resource identification. It
performs the security plan analysis, update, and acceptance. Phase 2: Security Certification- The
Security certification phase evaluates the controls and documentation. Phase 3: Security
Accreditation- The security accreditation phase examines the residual risk for acceptability, and
prepares the final security accreditation package. Phase 4: Continuous Monitoring-This phase
monitors the configuration management and control, ongoing security control verification, and
status reporting and documentation.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISC Exam Questions

Free ISC2 Study Guide

Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

Leave a Reply Cancel reply