ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During RMF Step 5 (Authorize), you are verifying that the cloud system's authorization package is complete before sending it to the authorizing official. Which set of artifacts represents the minimum required core documents that must be included?
System Security Plan, Security Assessment Report, Plan of Action and Milestones
Risk Assessment Report, Plan of Action and Milestones, Incident Response Plan
Security Categorization Report, System Security Plan, Continuous Monitoring Strategy
Security Assessment Plan, Security Assessment Report, Configuration Management Plan
NIST SP 800-37 Rev. 2 defines the authorization package as containing three core artifacts: the System Security Plan (SSP), the Security Assessment Report (SAR), and the Plan of Action and Milestones (POA&M). The SSP describes the system and implemented controls, the SAR documents the assessor's findings on control effectiveness, and the POA&M lists any deficiencies along with planned remediation. Together these provide the information an authorizing official needs to render a risk-based decision. The other answer sets omit at least one of these required items or substitute supplemental documents that, while useful, are not part of the minimum package.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of the System Security Plan (SSP) in the authorization package?
Open an interactive chat with Bash
Why is the Security Assessment Report (SAR) essential in the RMF authorization process?
Open an interactive chat with Bash
What is included in the Plan of Action and Milestones (POA&M), and why is it important?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .