Answer:
The correct answer is a) Every year. Explanation: The security categorization for an information system is typically revalidated every year. Security categorization involves assessing the potential impact of a security breach on the confidentiality, integrity, and availability of the system's information. It helps determine the appropriate security controls and measures to protect the system. Revalidating the security categorization on an annual basis ensures that the system's security posture remains up to date and aligned with any changes in the system's environment, technology, or threats. It allows organizations to assess and address any new risks or vulnerabilities that may have emerged since the previous validation. Regular revalidation also ensures compliance with industry standards and regulations, as well as best practices for information security. It helps organizations stay proactive in managing and mitigating potential security risks, ensuring the ongoing protection of sensitive information and the overall security of the information system.
Step-by-step explanation: