Which of the following is the final phase in the C&A process?

Prepare for the FISMA Interview Test. Get familiar with key topics and enhance your knowledge with flashcards and multiple-choice questions. Study effectively and be ready for your exam!

Multiple Choice

Which of the following is the final phase in the C&A process?

Explanation:
Monitoring is the final phase because authorization isn’t a one-time event; it relies on ongoing oversight of the system’s security controls. After a system earns authorization to operate, continuous monitoring keeps track of how well those controls function, watches for new vulnerabilities, configuration changes, patch status, and incident activity, and assesses whether the risk posture remains acceptable. If changes in the system or environment raise risk or if controls weaken, the authorization decision may be revisited and reauthorization pursued. This continuous activity ensures the system stays compliant over time, making monitoring the concluding, perpetual phase in the C&A lifecycle.

