In FISMA, ________ is done internally by the organization.

Prepare for the Network Security (NETSEC) 2 Exam. Utilize flashcards and multiple choice questions, complete with hints and detailed explanations. Excel in your security skills!

Multiple Choice

In FISMA, ________ is done internally by the organization.

Explanation:
Under FISMA, the organization handles the full Certification and Accreditation process to obtain authorization to operate. Certification means testing and evaluating security controls to verify they meet required standards, usually documented in a Security Assessment Report. Accreditation is the formal management authorization to operate the system, based on the certification results and risk assessment, granted by the designated Authorizing Official. Because both steps are managed within the organization as part of its security program, both certification and accreditation are done internally. The other options don’t fit because FISMA requires the complete C&A process, not just one part or neither.

