Accreditation boundary according to NIST SP 800-37 regroups


Multiple Choice

Accreditation boundary according to NIST SP 800-37 regroups

Explanation:
The important idea here is what gets evaluated and approved in a security authorization. The accreditation boundary defines the scope of an information system that will be assessed and authorized by the authorizing official. It includes all components that make up the information system to be accredited, and it excludes separately accredited systems that are connected to it. This framing ensures the risk assessment and protections apply to the system as a unified package, without subsuming other systems that have their own authorizations.

That's why this choice fits best: it accurately describes the boundary as the entire system to be accredited, while omitting other systems that are connected but carry their own authorization. The other options describe boundaries that are either too broad (the whole organization's network) or too narrow (the physical perimeter, or just the software portion), and none of them reflects the formal authorization scope defined in the RMF.

