FITSP - Auditor Questions and Answers
Graded A+
The following legislation requires federal agencies to establish capital planning
and investment control policies and procedures when procuring information
technology:
a) E-Government Act of 2002
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act - Correct answer-Clinger-Cohen Act
The following legislation requires federal agencies to appoint a Chief Information
Officer:
a) E-Government Act of 2002
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act - Correct answer-Clinger-Cohen Act
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
The following legislation requires federal agencies to develop, document, and
implement an agency-wide information security program:
a) E-Government Act of 2002, Section 208
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act - Correct answer-Federal Information Security Management Act (FISMA)
The following legislation requires federal agencies to prepare Privacy Impact
Assessments (PIAs) when developing or procuring new information technology:
a) E-Government Act of 2002, Section 208
b) Federal Information Security Management Act (FISMA)
c) Privacy Act, 1974
d) Clinger-Cohen Act - Correct answer-E-Government Act of 2002, Section 208
The following legislation requires each agency with an Inspector General to
conduct an annual evaluation of the agency's information security program, or to
appoint an independent external auditor to conduct the evaluation on their behalf:
a) E-Government Act of 2002, Title I
b) Federal Information Security Management Act (FISMA)
c) Government Information Security Reform Act (GISRA)
d) Clinger-Cohen Act - Correct answer-Federal Information Security Management Act (FISMA)
The Secretary of what department or agency was delegated the responsibility by
FISMA to prescribe standards and guidelines pertaining to federal information
systems, to improve the efficiency of operation or security of Federal information systems:
a) Department of Homeland Security (DHS)
b) Defense Department
c) Commerce Department
d) National Security Agency - Correct answer-Commerce Department (FISMA gives the Secretary of Commerce authority to promulgate the standards and guidelines developed by NIST)
The following OMB guidance established the requirement for federal agencies to
review the security controls in each system when significant modifications are
made to the system, or at least every three years. This guidance also requires federal
agencies to re-authorize information systems every three years.
a) OMB Circular No. A-123, Management Accountability and Control
b) OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources
c) OMB Circular No. A-127, Financial Management Systems
d) OMB Circular No. A-136, Financial Management Reporting Requirements -
Correct answer-OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources
The Federal Information Security Modernization Act of 2014 (FISMA 2014)
formally assigns information security responsibilities to which of the following
agencies/departments (select two):
a) Commerce
b) DHS
c) Justice
d) OMB - Correct answer-DHS and OMB
What is the required frequency of FISMA reporting feeds for CFO Act agencies?