ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While building the schedule for a 30-day security control assessment, a GRC analyst identifies the following milestones: (1) collect system documentation, (2) finalize and approve the assessment plan, (3) begin onsite testing, and (4) conduct the exit briefing. Which milestone must be completed immediately before the start of onsite testing to keep the schedule on track and in compliance with NIST assessment guidance?

A. Conduct the exit briefing with system stakeholders
B. Distribute the draft assessment report for management review
C. Compile and index all system documentation provided by the owner
D. Finalize and obtain formal approval of the assessment plan

Explanation:
NIST guidance such as SP 800-53A and SP 800-115 requires that the security assessment plan be formally reviewed and approved by the authorizing official and key stakeholders before any testing activities begin. This approval establishes agreement on scope, methods, and timing, and it provides the legal and organizational authorization for assessors to access systems and data. If the plan is not finalized and signed off before fieldwork, testing may have to be delayed or halted, jeopardizing the entire schedule. Collecting documentation can occur earlier, and the exit briefing and draft report occur after testing, so they do not satisfy the requirement to precede onsite assessment work.
Domain: Assessment/Audit of Security and Privacy Controls