ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization is planning to purchase a hardware security module (HSM) to store production encryption keys for a new payment-processing system. Corporate policy states that any device entrusted with key custody must be validated to at least FIPS 140-3 Level 3. As the security practitioner assigned to the acquisition effort, which action will most effectively ensure that only products meeting this security requirement are considered during procurement?
A. Accept a signed statement from the vendor that its HSM is FIPS 140-3 compliant, and schedule independent testing after installation is complete.
B. Specify the FIPS 140-3 Level 3 requirement in the RFP and require vendors to submit their NIST validation certificates with their bids.
C. Select the lowest-priced HSM and plan to deploy software-based encryption controls to compensate for any missing certifications.
D. Postpone all security validation until the first annual audit after the HSMs are in production.
The most effective way to ensure that purchased assets satisfy mandatory security requirements is to embed those requirements directly into the procurement documents and demand objective proof from vendors. By adding a clause to the request for proposal (RFP) that specifies "FIPS 140-3 Level 3 validated" and obliges bidders to provide their official NIST validation certificates, the acquisition team filters out non-compliant products before any purchase decisions are made. Relying on a vendor's self-attestation, delaying evaluation until after deployment, or planning to compensate later all introduce unnecessary risk and may violate organizational policy. Therefore, documenting the requirement in the RFP and requiring evidence of current validation is the correct approach.
Security Concepts and Practices