ISC2 Governance, Risk and Compliance (CGRC) Practice Question
Your audit team has documented objectives, scope, resources, methods, schedule, and logistics for a federal information system assessment. According to NIST guidance, what action must you take to formally finalize the assessment plan before fieldwork begins?
Obtain documented approval of the assessment plan from the authorizing official and system owner
Incorporate preliminary findings from previous assessments into the plan
Purchase vulnerability-scanning licenses and create tester accounts
Hold a kickoff meeting to brief assessors on rules of engagement
NIST SP 800-115 and SP 800-53A both state that an assessment or testing plan is not considered final until it receives formal approval from senior management, typically the authorizing official and the system owner. Their sign-off confirms that the defined scope, methods, resources, and schedule meet organizational and regulatory expectations, and that management accepts any residual risks associated with the planned activities.
The other options describe useful preparation tasks, but they do not constitute formal plan finalization. A kickoff briefing (option B) is normally scheduled after the plan is approved. Procuring tools and test accounts (option C) supports execution but can proceed only once the plan is authorized. Adding preliminary findings from earlier audits (option D) may enhance context, yet it is not a prerequisite for plan approval. Therefore, obtaining documented management approval is the required step to complete the assessment plan.