Certified Chief Information Security Officer (CCISO) — Question 128
You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.
Which of the following is NOT documented in the SSP?
Answer options
- A. The controls in place to secure the system
- B. Name of the connected system
- C. The results of a third-party audits and recommendations
- D. Type of information used in the system
Correct answer: C
Explanation
The correct answer is C because the SSP focuses on the security measures and system characteristics rather than specific audit results and recommendations, which are typically documented separately. Options A, B, and D are all essential components of the SSP, detailing the security controls, system identification, and information types involved.