Question

__________________________________, which is one of the tailoring considerations, must be identified prior to system security plan preparation in order to identity those controls covered at the agency level, which are not system-specific. These ___________________________ can then be incorporated into the system security plan by reference.

A. Vulnerabilities; vulnerabilities
B. Controls; controls
C. Security requirements; security requirements
D. Agency policies; agency policies

Answer 1

The correct answer is 'Controls; controls', identifying non-system-specific controls at the agency level to incorporate into the system security plan through reference.

Step-by-step explanation:

The correct answer to this question is Controls; controls. In the context of system security plan preparation, it's crucial to identify certain elements beforehand. These elements are the controls that are not system-specific but covered at the agency level. Recognizing these controls is essential because they can be included in the system security plan simply by reference, thereby streamlining the process and ensuring comprehensive coverage of security measures. Tailoring considerations must always take into account these broader agency-level controls to avoid redundancy and ensure all security aspects are addressed.