ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During a pre-authorization quality review, you discover that a section of the draft System Security Plan (SSP) for a new federal moderate-impact system is blank. Without this information, the Authorizing Official cannot confirm that the selected NIST SP 800-53 baseline is appropriate. Which missing element must be completed before the package is submitted?
The schedule for the next annual penetration test
The system's FIPS 199 security categorization results
A list of outstanding POA&M findings and milestones
Copies of vendor hardware and software maintenance contracts
The SSP is required to document the system's security categorization results derived from FIPS 199 (and typically supported by NIST SP 800-60). The categorization establishes the confidentiality, integrity, and availability impact levels of the information system and drives selection of the initial security control baseline. If this data is absent, the Authorizing Official lacks the foundation for evaluating whether the chosen controls adequately address the system's risk. While POA&M items, penetration-test schedules, and maintenance contracts are useful, they are not prerequisites for determining the correct baseline and therefore are not the critical element that would cause the SSP to be rejected for authorization review.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is the FIPS 199 security categorization critical for the SSP?
Open an interactive chat with Bash
What is NIST SP 800-53 and how does it relate to FIPS 199?
Open an interactive chat with Bash
How do NIST SP 800-60 guidelines support FIPS 199 categorization?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .