An Interim Authorization To Test (IATT) may be granted for how many days, maximum?

What will happen to operational systems that receive a Denial of Authorization To Operate (DATO)?

For a new information system, system security tests should be performed at which time during the system development life cycle (SDLC) to ensure that it meets all required security specifications?

Which phases of the system development life cycle (SDLC) does documentation of planned control implementations occur during?

During the cybersecurity control assessment, who performs the risk assessment to determine overall system cybersecurity risk?

One of the purposes of this Act was to recognize the highly networked nature of the current Federal computing environment and provide effective governmentwide management and oversight of the related information security risks.

The analysis that requires the consideration of closely interwoven factors, such as the security controls in place for the system under review, the likelihood that those controls will be either insufficient or ineffective protection of the system, and the impact of that failure is otherwise known as which of the following?

Which of the following is not a valid authorizing official’s (AO) expressed authorization decision?

The process of identifying weaknesses in security configuration controls.

One of the purposes of this Act was to promote access to high-quality Government information and services across multiple channels.