ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During preparation for an authority to operate (ATO), the software security manager must assemble the minimum documentation set defined by NIST for the authorization package. Which trio of documents satisfies this requirement?
A. Risk Assessment Report, Configuration Management Plan, Incident Response Plan
B. System Security Plan, Security Assessment Report, Plan of Action and Milestones
C. Threat Model, Static Code Analysis Results, Acceptance Test Report
D. Security Requirements Traceability Matrix, Change Control Log, Deployment Checklist
NIST's Risk Management Framework specifies that the authorization package submitted to the Authorizing Official contains three core documents: the System Security Plan (SSP), which describes the system and its implemented controls; the Security Assessment Report (SAR), which documents the results of testing those controls; and the Plan of Action and Milestones (POA&M), which lists residual weaknesses along with planned remediation steps and timelines. Together these give the Authorizing Official enough information to determine whether the residual risk is acceptable. The other answer sets omit at least one of these mandatory artifacts and include documents that, while useful, are not required elements of the authorization package itself.