Certified in Risk and Information Systems Control (CRISC) — Question 555

An organization uses one centralized single sign-on (SSO) control to cover many applications. Which of the following is the BEST course of action when a new application is added to the environment after testing of the SSO control has been completed?

Answer options

• A. Initiate a retest of the full control.
• B. Re-evaluate the control during the next assessment.
• C. Review the corresponding change control documentation.
• D. Retest the control using the new application as the only sample.

Correct answer: A

Explanation

The correct answer is A because initiating a retest of the full control ensures that the new application integrates properly with the existing SSO system and that overall security is maintained. Options B and C do not address the immediate need to verify the control's effectiveness with the new application, while D may not provide a comprehensive assessment of the control's performance across all applications.