APPLYING ASSESSMENT & AUTHORIZATION (A&A) IN THE NATIONAL INDUSTRIAL SECURITY PROGRAM (NISP) ACTUAL
Select all of the correct responses. Which of the following tasks should the Information System Security Manager (ISSM) perform before beginning the A&A process?
Select one or more:
a. Review the DSS Risk Management Framework (RMF) website
b. Purchase Information System hardware
c. Possess and understand sponsorship and security documentation
d. Contact the Authorizing Official (AO) with questions
e. Register for an ODAA Business Management System (OBMS) account
Answer:
a. Review the DSS Risk Management Framework (RMF) website
c. Possess and understand sponsorship and security documentation

Select all of the correct responses. Which of the following must the Information System Security Manager (ISSM) describe at the end of Step 2, Select Security Controls?
Select one or more:
a. Baseline security controls
b. Security control tailoring
c. Selection of overlays
d. Continuous monitoring strategy
Answer:
a. Baseline security controls
b. Security control tailoring
c. Selection of overlays
d. Continuous monitoring strategy

True or false? When security control implementation is documented, it must describe how the security controls achieve the required security capability.
Select one:
True
False
Answer: True

When does continuous monitoring begin?
Select one:
a. After the Information System has been operational for 30 days
b. Once the security authorization package is submitted
c. As soon as Authorization to Operate (ATO) or ATO with conditions is issued
d. After the Information System has been operational for 1 year
Answer: c. As soon as Authorization to Operate (ATO) or ATO with conditions is issued

When does DSS schedule an on-site assessment of the security controls?
Select one:
a. 30 days after initiation of the A&A process
b. When the System Security Plan (SSP) and supporting artifacts are complete
c. When required by the Authorizing Official (AO)
d. As soon as the security controls are implemented
Answer: Not c

How does an Information System Security Manager (ISSM) submit the System Security Plan (SSP) to DSS?
Select one:
a. Email it to the Authorizing Official (AO)
b. Upload it to the ODAA Business Management System (OBMS)
c. Upload it via the submission interface on the DSS Risk Management Framework (RMF) website
d. Email it to the Security Controls Assessor (SCA)
Answer: Not C
School, study and subject
- Institution
- APPLYING ASSESSMENT & AUTHORIZATION
- Course
- APPLYING ASSESSMENT & AUTHORIZATION
Document information
- Uploaded on
- October 15, 2025
- Number of pages
- 17
- Written in
- 2025/2026
- Type
- Exam
- Contains
- Questions and answers
Topics
- applying assessment authorization aa