Which of the technical, operational or management control class requires Test (i.e, review of system configuration screenshot/report) as assessment method based on NIST 800-53A security controls assessment/testing guide?

1. 
   
2. Which of the A&A package item/security artifact is called test case?
3. 
   
4. Name the documents regarded as key A&A package items
5. 
   
6. How long does it typically take to an A&A project?
7. 
   
8. Name the document that contains the security assessment planning activities for A&A project
9. 
   
10. Name the document that contains the final report of the A&A assessment task
11. 
    
12. When is e-authentication assessment and documentation required for a system?
13. 
    
14. Does e-authentication assurance level 3 require a single-factor or multi-factor authentication?
15. 
    
16. When is privacy impact assessment (PIA) required for a system?
17. 
    
18. Name the document that tracks all the control weaknesses or findings noted in an A&A project up till when these findings are closed.
19. 
    
20. What is the full meaning of SORN, where is it published and name one of the conditions that requires its being created
21. 
    
22. Name the NIST publication that provides guidance for risk assessment, and used for determining risk level of identified security control findings
23. 
    

Answer rating: 100% (QA)

1 The technical control class requires Test as an assessment method based on NIST 80053A security co... View the full answer