ISC2 Governance, Risk and Compliance (CGRC) Practice Question
After completing implementation of selected security and privacy controls for a new payroll system, the GRC analyst is asked to draft documentation that captures each control's implementation details, identifies the responsible roles, and explains how the controls satisfy applicable requirements within the system's defined boundary. Which document should the analyst develop to meet this purpose?
Risk Assessment Report that summarizes identified threats and vulnerabilities
Plan of Action and Milestones used to track corrective actions for control deficiencies
System Security Plan that documents control implementation within the system boundary
Incident Response Plan outlining detection, response, and recovery procedures
The System Security Plan (SSP) is the authoritative document that provides an overview of an information system's security and privacy requirements and describes how each implemented (or planned) control meets those requirements within the system's boundary. It also identifies the individuals or roles responsible for implementing and maintaining the controls. A Plan of Action and Milestones tracks remediation tasks for deficiencies, not the complete set of implemented controls. A Risk Assessment Report focuses on threats, vulnerabilities, and risk levels rather than documenting control implementation. An Incident Response Plan details procedures for detecting, responding to, and recovering from incidents, not a full catalog of controls. Therefore, the SSP is the correct choice.
Implementation of Security and Privacy Controls