ISC2 Governance, Risk and Compliance (CGRC) Practice Question
An accredited third-party assessment organization has completed testing the security controls of your agency's new case-management system. As you assemble the authorization package for the Authorizing Official, which document must capture the assessor's test procedures, evidence reviewed, detailed control results, and a summary of residual weaknesses?
The Security Assessment Report (SAR) is produced by the assessor after control testing is complete. It documents the methods used, evidence examined, control-by-control results, identified weaknesses or deficiencies, and provides recommendations. The Authorizing Official relies on the SAR to judge overall control effectiveness and residual risk before making an authorization decision.
The System Security Plan (SSP) describes the system, its environment, and the controls that are implemented or planned-it does not present test results.
The Plan of Action and Milestones (POA&M) captures corrective actions the system owner will take to remediate findings; it is populated after reviewing the SAR, not during assessment reporting.
A Continuous Monitoring Strategy outlines how security posture will be monitored post-authorization and likewise does not contain the assessor's detailed findings.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the primary purpose of a Security Assessment Report (SAR)?
Open an interactive chat with Bash
How does the Security Assessment Report (SAR) differ from the System Security Plan (SSP)?
Open an interactive chat with Bash
When is the Plan of Action and Milestones (POA&M) created, and how does it relate to the SAR?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .