ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During a security authorization effort, the assessment team documents several moderate residual risks that still exceed the system owner's risk tolerance. The owner asks to accept these risks to avoid mission delay. Before the POA&M is closed, which stakeholder's formal concurrence is required to legitimize the risk-acceptance decision?
The Security Control Assessor (SCA)
The Information System Security Officer (ISSO)
The Chief Information Officer (CIO)
The Authorizing Official with responsibility for the information system
Under the NIST Risk Management Framework, only the Authorizing Official (AO)-a senior leader with the authority to formally assume responsibility for operating a system at an accepted level of risk-can approve or concur with risk acceptance. While the system owner, CIO, and ISSO provide input and may recommend acceptance or additional treatment, they do not have the statutory authority to accept risk on behalf of the organization. The Security Control Assessor supplies risk findings but likewise lacks decision authority. Therefore, the AO's concurrence is mandatory before residual risks can be accepted and the POA&M closed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of an Authorizing Official (AO) in the NIST Risk Management Framework?
Open an interactive chat with Bash
What is a POA&M in the context of security authorization?
Open an interactive chat with Bash
Why can the Security Control Assessor (SCA) not approve residual risk acceptance?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .