ISC2 Governance, Risk and Compliance (CGRC) Practice Question
When finalizing the Authorization Decision document, an authorizing official wants to be sure the Authorization to Operate communicates any operational limitations to the system owner and information system security officer. Which item is required in the ATO for this purpose?
A memorandum of understanding with interconnected external systems
The executive summary section of the System Security Plan
Recent continuous monitoring security status reports
Terms and conditions that define required security controls, usage constraints, and reporting obligations
NIST SP 800-37 Rev. 2 states that an Authorization Decision document must contain three core elements: the authorization decision itself (e.g., ATO, ATO with conditions, or denial), the authorization termination date, and the terms and conditions under which the system is approved to operate. The terms and conditions section spells out any usage restrictions, mandatory security controls, reporting requirements, or other constraints that the authorizing official imposes to keep residual risk within the organization's risk tolerance. Including the System Security Plan's executive summary, a memorandum of understanding with external parties, or recent continuous monitoring reports may be useful supporting artifacts, but none of those items is mandated content for the Authorization to Operate. Only the explicit terms and conditions satisfy the requirement to document operational limitations in the ATO.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Authorization to Operate (ATO)?
Open an interactive chat with Bash
What does 'terms and conditions' in an ATO document mean?
Open an interactive chat with Bash
How does NIST SP 800-37 Rev. 2 guide the Authorization Decision process?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .