Continuous Monitoring in the Security Certification and Accreditation Process: Activities | CSSLP Exam Answer | ISC


Question

Continuous Monitoring is the fourth phase of the security certification and accreditation process.

What activities are performed in the Continuous Monitoring process? Each correct answer represents a complete solution.

Choose all that apply.

Answers

Explanations


A. Security accreditation decision
B. Security control monitoring and impact analyses of changes to the information system
C. Security accreditation documentation
D. Configuration management and control
E. Status reporting and documentation

Answer: B, D, and E are correct; A and C are incorrect.

Continuous Monitoring is the fourth phase of the security certification and accreditation process.

The Continuous Monitoring process consists of the following three main activities:

Configuration management and control
Security control monitoring and impact analyses of changes to the information system
Status reporting and documentation

The objective of these tasks is to observe and evaluate the information system security controls during the system life cycle. These tasks determine whether the changes that have occurred will negatively impact the system security.

A and C are incorrect because security accreditation decision and security accreditation documentation are the two tasks of the security accreditation phase, not of the Continuous Monitoring phase.

Continuous Monitoring is an ongoing process that ensures the security of an information system remains effective over time. It is the fourth phase of the security certification and accreditation process, which involves regularly assessing the system's security controls and documenting the results. The following activities are performed in the Continuous Monitoring process:

B. Security control monitoring and impact analyses of changes to the information system: This involves monitoring the security controls that have been implemented to ensure they are still effective and identifying any changes to the system that could impact the security posture. This activity helps to identify potential security weaknesses and to ensure that security controls continue to function as intended.

D. Configuration management and control: This activity involves managing and controlling changes to the information system's configuration. It includes maintaining an inventory of system components and their configurations, tracking changes to the system, and ensuring that the system's security controls are configured correctly.

E. Status reporting and documentation: This activity involves documenting the results of security assessments and reporting the system's security status to stakeholders. It includes developing and maintaining security documentation, such as security plans, risk assessments, and vulnerability assessments, and communicating security status information to stakeholders.

A. Security accreditation decision: This activity involves making a decision regarding the system's security accreditation. It is typically based on the results of security assessments, including the results of continuous monitoring activities.

C. Security accreditation documentation: This activity involves documenting the system's security accreditation decision, along with any supporting documentation. It includes developing and maintaining security documentation, such as security plans, risk assessments, and vulnerability assessments, and communicating security accreditation information to stakeholders.

In summary, the Continuous Monitoring process involves regularly monitoring the system's security controls, managing changes to the system's configuration, documenting the results of security assessments, reporting the system's security status to stakeholders, and making a decision regarding the system's security accreditation based on the results of security assessments.