Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

The choice of "Re-Authorization" as not being a recognized phase of the System Authorization Plan is notable because the commonly accepted phases include Authorization, Certification, and Post-Authorization.

To clarify, the Authorization phase refers to the formal acceptance of the system's security posture, ensuring it meets the necessary standards and controls. Certification is the process of evaluating the system's security features and compliance against required policies and controls. Post-Authorization encompasses ongoing reviews and monitoring to ensure that the system maintains compliance and continues to meet security requirements over time.

While reauthorization is an important aspect of maintaining a system's security posture, it is typically viewed as part of the ongoing maintenance activities rather than a distinct phase in the formal System Authorization Plan. Therefore, the classification of "Re-Authorization" into a phase may lead to confusion as it is not codified as a separate step in the traditional authorization framework.