ISC2 Governance, Risk and Compliance (CGRC) Practice Question
After a federal agency completes FIPS 199 impact categorization for a newly acquired cloud service, the system owner proceeds to the Select step of the NIST Risk Management Framework. Which activity is the system owner expected to carry out during this step to address security and privacy risk?
Request the Authorizing Official's formal approval for the system to operate in the production environment.
Tailor the initial security control baseline and record the selected controls in the System Security Plan.
Validate that implemented controls operate as intended and develop a security assessment report.
Collect continuous monitoring data to maintain an up-to-date view of the system's risk posture.
In the NIST RMF sequence (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor), the purpose of the Select step is to choose and tailor an initial set of security and privacy controls that are commensurate with the impact level determined in Categorize. During this step, the system owner (with support from the information system security and privacy officers) reviews the relevant NIST SP 800-53 control baseline, applies tailoring guidance and overlays, and documents the resulting control set in the System Security Plan (SSP). Validating control effectiveness is part of Assess, seeking an Authority to Operate belongs to Authorize, and ongoing data collection is a Monitor activity. Therefore, tailoring and documenting the baseline controls is the correct action for the Select step, while the other choices belong to later RMF steps and would not be performed here.
Security and Privacy Governance, Risk Management, and Compliance Program