Which artifact did the person prepare as part of the C&A process?

Multiple Choice

Which artifact did the person prepare as part of the C&A process?

Explanation:
In the Certification and Accreditation process, the key task after identifying security weaknesses is to lay out how those weaknesses will be addressed. The Plan of Action and Milestones is exactly that: a living document that lists each deficiency, the specific actions needed to remediate it, who is responsible, and target dates for completion. It also tracks the current status of each action. This makes it the artifact that directly demonstrates how the organization plans to bring the system into compliance and achieve an authorization decision.

The other artifacts serve different roles: the System Security Plan describes the implemented security controls and the system environment; the Security Assessment Report documents the findings of the security testing and evaluation; and the System Security Categorization determines the system’s impact level for tailoring controls. While all of these are part of the C&A package, the Plan of Action and Milestones is the one that focuses on remediation steps and milestones, which is why it’s the best answer.