Which of the technical, operational or management control classes requires Test (i.e., review of system configuration screenshot/report)
Question:
Which of the technical, operational or management control classes requires Test (i.e., review of a system configuration screenshot/report) as the assessment method, based on the NIST 800-53A security controls assessment/testing guide?
- Which of the A&A package items/security artifacts is called a test case?
- Name the documents regarded as key A&A package items.
- How long does it typically take to complete an A&A project?
- Name the document that contains the security assessment planning activities for an A&A project.
- Name the document that contains the final report of the A&A assessment task.
- When is e-authentication assessment and documentation required for a system?
- Does e-authentication assurance level 3 require a single-factor or multi-factor authentication?
- When is privacy impact assessment (PIA) required for a system?
- Name the document that tracks all the control weaknesses or findings noted in an A&A project until these findings are closed.
- What is the full meaning of SORN, where is it published, and what is one of the conditions that requires it to be created?
- Name the NIST publication that provides guidance for risk assessment and is used for determining the risk level of identified security control findings.