CompTIA CASP+ Practice Test 2025 - Free CASP+ Practice Questions and Study Guide

Question: 1 / 565

If an organization has legacy applications that cannot comply with a password length policy, what should be done?

Remove the legacy applications from the network

Implement multi-factor authentication on these applications

Provide a business justification for a risk exception

In situations where an organization faces challenges with legacy applications that cannot meet modern security policies, providing a business justification for a risk exception is a practical approach. This option allows the organization to acknowledge the limitations of the legacy systems while simultaneously assessing and documenting the associated risks.

This process involves evaluating the potential vulnerabilities posed by the inability of these applications to comply with the password length policy, followed by outlining the rationale for accepting those risks based on business needs, operational impact, or resource constraints. By formalizing the exception, the organization can maintain compliance with regulatory and internal standards while developing a plan for future upgrades or integrations that better align with security best practices.

This path also encourages the organization to prioritize legacy systems for future review or improvement, with the intent of eventually mitigating the identified risks through better technology without immediately disrupting business operations.

Upgrade all applications immediately
