The C&A process is part of implementing which federal law?


Multiple Choice

The C&A process is part of implementing which federal law?

Explanation:
Certification and Accreditation is the formal step in the federal information security process used to validate that security controls are properly implemented and to obtain authorization to operate a system. This fits under the Federal Information Security Management Act, which requires agencies to implement an information security program and assess and authorize systems before they go live and throughout their operation. The other laws—HIPAA, FERPA, and GLBA—address privacy and security within their own domains but do not establish a C&A/authorization process as part of compliance. In federal practice, C&A is tied to FISMA and the overall risk management framework used to keep government information systems secure.

