CAP CAP Security Documentation & Authorization Artifacts

Question 1

Which document serves as the primary artifact in the NIST RMF that describes the security controls implemented in an information system?

Accepted Answer

System Security Plan (SSP)

Answer

Plan of Action and Milestones (POA&M)

Answer

Security Assessment Report (SAR)

Answer

Authorization to Operate (ATO)

Question 2

What is the primary purpose of a Plan of Action and Milestones (POA&M) in the RMF process?

Accepted Answer

To track and remediate identified security weaknesses and deficiencies

Answer

To document system hardware inventory

Answer

To authorize a system for operation

Answer

To record user access permissions

Question 3

Who is responsible for signing and issuing an Authorization to Operate (ATO) for a federal information system?

Accepted Answer

Authorizing Official (AO)

Answer

System Owner

Answer

Information System Security Officer (ISSO)

Answer

Security Control Assessor (SCA)

Question 4

Which RMF artifact documents the results of security control assessments performed by an independent assessor?

Accepted Answer

Security Assessment Report (SAR)

Answer

System Security Plan (SSP)

Answer

Privacy Impact Assessment (PIA)

Answer

Contingency Plan

Question 5

What type of authorization boundary defines the scope of an information system for RMF documentation purposes?

Accepted Answer

Authorization boundary

Answer

Physical perimeter

Answer

Network perimeter

Answer

Trust boundary

Question 6

Which document type defines the specific test procedures used to assess whether security controls are implemented correctly?

Accepted Answer

Security Assessment Plan (SAP)

Answer

System Security Plan (SSP)

Answer

Privacy Impact Assessment (PIA)

Answer

Interconnection Security Agreement (ISA)