ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While preparing the final security assessment report for a federal information system, you must assign a compliance status to each individual security control. According to NIST RMF reporting conventions, which status indicator should be recorded when the control is fully implemented and operating exactly as intended with no identified deficiencies?
NIST SP 800-53A instructs assessors to label each control as Implemented (also called Satisfied) when evidence shows the control is completely in place and functions correctly. Controls that have deficiencies are marked Open or Other-Than-Satisfied, and those outside the system's scope are labeled Not Applicable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'NIST RMF' stand for and what is its purpose?
Open an interactive chat with Bash
What is NIST SP 800-53A and how is it used in compliance assessments?
Open an interactive chat with Bash
What is the difference between 'Implemented' and 'Open' security controls in NIST RMF?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Assessment/Audit of Security and Privacy Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .